Community discussions

MikroTik App
 
peymansh789
just joined
Topic Author
Posts: 2
Joined: Tue May 05, 2020 12:55 pm

access my webserver in local network

Tue May 05, 2020 1:04 pm

hello to all

first apologize for english

i have a web server behind the router mikrotik crs 236 24g . i access my web server from internet all thing work fine . but in local network cant access to my web server

nslookup in local network forwrd to my public ip . i run a dns server on windows server and forward my domain to static ip webserver after this my problem resolved . but i dont know my mikrotik dns forward ti ip public i set dns static is correctly


please help me for resolve this problem
 
User avatar
karlisi
Member
Member
Posts: 437
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: access my webserver in local network

Tue May 05, 2020 1:44 pm

It seems You need hairpin NAT
https://wiki.mikrotik.com/wiki/Hairpin_NAT
 
peymansh789
just joined
Topic Author
Posts: 2
Joined: Tue May 05, 2020 12:55 pm

Re: access my webserver in local network

Tue May 05, 2020 2:57 pm

It seems You need hairpin NAT
https://wiki.mikrotik.com/wiki/Hairpin_NAT
How should I use this code?
my local network range is 192.168.2.0/24 my router is 192.168.2.1 my webserver is 192.168.2.50 in centos 7 when dnslookup my site in local network forward to ip public . my ip public in 4g modem i dmz to 192.168.14.1 on router . in local network when open my site forward to ip public and open my 4g modem webconfig .

please help me?
 
User avatar
karlisi
Member
Member
Posts: 437
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: access my webserver in local network

Tue May 05, 2020 4:18 pm

Did you read that at all?
Look in /ip firewall nat
If you have default config, you already have this
add chain=srcnat out-interface=WAN action=masquerade
If you can access your webserver from outside of LAN, add this and all should work
add chain=dstnat dst-address=<your-public-ip-address-here> protocol=tcp dst-port=80 \
  action=dst-nat to-address=192.168.2.50
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: access my webserver in local network

Tue May 05, 2020 6:06 pm

Do you have a static or dynamic wanip?
post your config
/export hide-sensitive file=anynameyouwish
 
User avatar
achu
just joined
Posts: 2
Joined: Mon Mar 30, 2020 11:48 am
Location: PL

Re: access my webserver in local network

Tue May 05, 2020 11:20 pm

Set masquerade on WAN interface (e.g. sfp1)
/ip firewall nat add action=masquerade chain=srcnat out-interface=sfp1

In the example above, I assumed that the Internet enters the router with an sfp1 interface

Set the demilitarized zone in the 4G router to the address of the interface with which you provide Internet access to MikroTik (in this example sfp1). You probably have this interface as dhcp-client

Then set NAT:
/ip firewall nat add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=192.168.2.50 to-ports=80 comment=http from WAN
/ip firewall nat add action=dst-nat chain=dstnat dst-port=443 protocol=tcp to-addresses=192.168.2.50 to-ports=443 comment=https from WAN
/ip firewall nat add action=masquerade chain=srcnat dst-address=192.168.2.50 dst-port=80 protocol=tcp src-address=192.168.2.0/24 comment=http from LAN
/ip firewall nat add action=masquerade chain=srcnat dst-address=192.168.2.50 dst-port=443 protocol=tcp src-address=192.168.2.0/24 comment=http from WAN
Last edited by achu on Tue May 05, 2020 11:44 pm, edited 3 times in total.
 
User avatar
karlisi
Member
Member
Posts: 437
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: access my webserver in local network

Wed May 06, 2020 8:23 am

I supposed OP has static public IP, because
i access my web server from internet all thing work fine
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: access my webserver in local network

Wed May 06, 2020 3:57 pm

I supposed OP has static public IP, because
i access my web server from internet all thing work fine
Suggest you read that back to yourself as it makes no sense. (hint, whether the wanIP is static or dynamic makes no difference on accessing ones server behind the router).

What we need to see is how one has configured his source & destination nat rules and how one has configured the firewall rules, confirm which type of wanIP he/she has and then make the appropriate changes to included hairpin nat.

Who is online

Users browsing this forum: No registered users and 20 guests