Armitage
just joined
Topic Author
Posts: 3
Joined: Sat Aug 29, 2020 2:43 am

Loopback not working CRS305-1G-4S+IN

Sat Aug 29, 2020 3:43 am

I recently bought a new router, a TP-Link Archer C5400X. Downstream from it I have a CRS305-1G-4S+IN to which all my equipment is connected. I drew a picture to illustrate it better:
Image
When I try to access TrueNAS or the Nextcloud instance I have running on it via the domain I am using from equipment connected to the CRS305-1G-4S+IN, the connection times out. I can still access it via the local IP, but this throws SSL errors since the common name is wrong. If I connect my equipment directly to the C5400X, it works when I try to access it both using the domain and the local IP. It seems like the CRS305-1G-4S+IN is interfering with NAT loopback, and I do not understand why it is not working.

Earlier I had an Asus RT-N66U and this worked without problem, and I had everything connected exactly the same way, just with another router.
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Loopback not working CRS305-1G-4S+IN

Mon Aug 31, 2020 9:05 am

When you connect equipment directly to the C5400X, you probably use a separate port for the NAS, which might indicate that the TP-Link supports hair-pin NAT only between different interfaces. In the ROS world this would indicate a partial implementation of the functionality (without the SRC-NAT part), which means that the server (NAS) sees the real client's LAN address as source and sends replies directly, bypassing the TP-Link, which cannot rewrite the DST-NAT-ed contents (dst-address and dst-port).

So this has nothing to do with the CRS, and you'd experience the same problem when using just any Ethernet switch in place of the CRS.

The solution would be to run a DNS server on the LAN, which would return the LAN IP address for your services. It works fine as long as you don't depend on port translation on the WAN interface (e.g. running some secondary HTTP service on a secondary LAN server, exposed to the public via a non-standard port such as 8000).
 
Armitage
just joined
Topic Author
Posts: 3
Joined: Sat Aug 29, 2020 2:43 am

Re: Loopback not working CRS305-1G-4S+IN

Mon Aug 31, 2020 7:47 pm

You might be on to something here. I tried switching to a Netgear GS105 unmanaged gigabit switch and the result was the same: I can only reach my NAS when I try to connect to the IP, but not when I use the domain name. Thanks for pointing me in the right direction, I didn't expect to be able to get any clarity on why this happened! I'll talk to TP-Link support and maybe return it for an ASUS model instead, since my last router came from them and worked without problem.
 
CZFan
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: Loopback not working CRS305-1G-4S+IN

Mon Aug 31, 2020 8:12 pm

You might be on to something here. I tried switching to a Netgear GS105 unmanaged gigabit switch and the result was the same: I can only reach my NAS when I try to connect to the IP, but not when I use the domain name. Thanks for pointing me in the right direction, I didn't expect to be able to get any clarity on why this happened! I'll talk to TP-Link support and maybe return it for an ASUS model instead, since my last router came from them and worked without problem.

Wow, is this not a bit of a "back hand" slap in the face?

Comes to the MikroTik forum, gets it resolved and gets pointed to where the problem is (not on MikroTik), then wants to replace the crappy device with a different make of crappy device. Why not replace it with a MikroTik???
 
Armitage
just joined
Topic Author
Posts: 3
Joined: Sat Aug 29, 2020 2:43 am

Re: Loopback not working CRS305-1G-4S+IN

Mon Aug 31, 2020 8:18 pm

Woah, sorry, I didn't mean anything bad, I just think it is too advanced for me. I am really satisfied with the switch, but I am really just a consumer, and what I saw from RouterOS during the short time it took me to change the CRS305-1G-4S+IN to boot in SwOS is far, far over what I can handle. If I could handle it, I would very well be open to replacing it with a MikroTik, of course! Or is there a MikroTik router that you think I could handle?

Again, sorry.
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Loopback not working CRS305-1G-4S+IN

Mon Aug 31, 2020 8:45 pm

Unfortunately (or fortunately, depending on your point of view) all MikroTik routers are configured the same way. Indeed, that way is not the easiest one; e.g. the aforementioned hair-pin NAT cannot simply be enabled, one has to configure a few NAT rules. If you feel you're not up to such tasks, then RouterOS may indeed not be the right choice for you.

If you decide to bite the bullet, then you're most welcome to ask questions.
 
parhamsan
just joined
Posts: 1
Joined: Thu Mar 07, 2024 6:00 pm

Re: Loopback not working CRS305-1G-4S+IN

Thu Mar 07, 2024 6:04 pm

Wow 4 years later and this issue has not been fixed on TP-LINK or maybe CRS305-1G-4S+IN!!!

I have recently upgraded to 3/3gb internet from Bell (Canada) and bought a TP-LINK ER8411 Omada router to use as my main router.

My setup/connection is like this: Bell (ISP) --->First SFP+ on ER8411 (internet is working and getting full speed on all 10gb devices)
From Second SFP+ on ER8411--->First SFP+ on YuanLey Unmanaged switch (4x2.5gb+2x10G SFP+)
From Second SFP+ on YuanLey to MikroTik CRS305-1G-4S+ (used as a bridge to connect my 3 computers with 10g NICs). On the MikroTik CRS305-1G-4S+ all the ports are connected: sfp-sfpplus1=WAN from YuanLey, sfp-sfpplus2=SERVER, sfp-sfpplus3=HTPC, sfp-sfpplus4=PC

Now the odd thing is I have a reverse proxy set up on my SERVER machine and for some reason I cannot access my domain and subdomain on the PC/SERVER/HTPC that are connected to the MikroTik CRS305-1G-4S+ switch.

I can ping my domain and subdomains and can also access my services with local IP and ports, but can't access them from the LAN using my domain and subdomain names.

I know the issue is caused by the TP-LINK ER8411 router, because when I boot/restart the router, for a good 20-30min I can access my domains from all the devices connected to the MikroTik (10g ports), but after a while I can't access them with my domain names; only with local IP addresses and ports. It's like some function in the ER8411 is triggered after some time to mess up the loopback.

So in summary:
Access from outside -> works
Access by domain name inside (over LAN) -> doesn't work
Ping domain from inside -> Gives external IP address

Currently the ER8411 is controlled by OC200, but I have also tested in standalone mode with the same result.
I don't know if the issue is caused by the CRS305-1G-4S+ or the ER8411.

Has anyone figured this out yet!!!

Thanks in advance.
 
mbovenka
Member
Posts: 337
Joined: Mon Oct 14, 2019 10:14 am

Re: Loopback not working CRS305-1G-4S+IN

Fri Mar 08, 2024 1:49 pm

So in summary:
Access from outside -> works
Access by domain name inside (over LAN) -> doesn't work
Ping domain from inside -> Gives external IP address

Currently the ER8411 is controlled by OC200, but I have also tested in standalone mode with the same result.
I don't know if the issue is caused by the CRS305-1G-4S+ or the ER8411.

Two ways to fix this:
1) Split DNS, so that looking up the domain name from the inside gives you the internal address, and doing so from the outside gives you the external address.
2) Proper hairpin NAT, so that packets from the inside to your external address get bounced to the internal address.

Either way the CRS305 has nothing to do with it, and it's up to your Omada to do either of those things. I'm doing 2) in my Mikrotik router.
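
The failure mode mkx describes and the two fixes mbovenka lists, modelled as an added example that is not part of any post in this thread; all addresses, ports and function names are constructed for illustration. It shows DST-NAT without SRC-NAT failing, full hairpin NAT succeeding, and split DNS working only while no WAN port translation is involved.

```python
# Constructed lab addresses and ports (assumptions, not taken from the thread)
WAN_IP, ROUTER_LAN, CLIENT = "203.0.113.10", "192.168.0.1", "192.168.0.50"
NAS, SERVER2 = "192.168.0.20", "192.168.0.21"
# Router port forwards: (WAN address, WAN port) -> (LAN host, LAN port)
DSTNAT = {(WAN_IP, 443): (NAS, 443), (WAN_IP, 8000): (SERVER2, 80)}
# Sockets that are actually open on LAN hosts
LISTENING = {(NAS, 443), (SERVER2, 80)}


def resolve(split_dns):
    """Address a LAN client receives when it looks up the domain."""
    return NAS if split_dns else WAN_IP


def connect(dst_ip, dport, srcnat=False):
    """Model one TCP connection attempt from CLIENT; return (ok, reason)."""
    if (dst_ip, dport) in DSTNAT:
        # The packet reaches the router, which rewrites the destination.
        host, _port = DSTNAT[(dst_ip, dport)]
        # With SRC-NAT the server sees the router as source, otherwise the client.
        seen_src = ROUTER_LAN if srcnat else CLIENT
        if seen_src == ROUTER_LAN:
            # Reply returns to the router, which restores WAN_IP as its source.
            reply_src = WAN_IP
        else:
            # Server answers the client directly on the shared subnet, so
            # nothing undoes the destination rewrite.
            reply_src = host
        # The client accepts a reply only from the address it connected to.
        return reply_src == dst_ip, "reply arrives from " + reply_src
    if (dst_ip, dport) in LISTENING:
        # Direct LAN connection, no NAT involved (the split-DNS case).
        return True, "reply arrives from " + dst_ip
    return False, "nothing listens on %s:%d" % (dst_ip, dport)


if __name__ == "__main__":
    for label, args in [
        ("DST-NAT only", (WAN_IP, 443, False)),
        ("hairpin NAT", (WAN_IP, 443, True)),
        ("split DNS", (resolve(True), 443)),
        ("split DNS, translated port 8000", (resolve(True), 8000)),
    ]:
        print(label, "->", connect(*args))
```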
