geolast
just joined
Topic Author
Posts: 5
Joined: Thu May 07, 2015 9:22 pm

Apache in Mikrotik

Tue Apr 26, 2016 3:12 am

I'm dealing with a thing that I've been trying to fix during the last months.
So, I have an Ubuntu server with Apache behind the MikroTik. I have already made the dst rules and I'm able to access the web server externally, fine so far... however, when I try to get the web server client's IP it returns the MikroTik local IP. I have created a reserved IP for my Ubuntu server and it is still returning the local IP.
 
joegoldman
Forum Veteran
Posts: 767
Joined: Mon May 27, 2013 2:05 am

Re: Apache in Mikrotik

Tue Apr 26, 2016 3:34 am

Post your firewall NAT rules so we can look.
 
geolast
just joined
Topic Author
Posts: 5
Joined: Thu May 07, 2015 9:22 pm

Re: Apache in Mikrotik

Tue Apr 26, 2016 5:48 am

There is:
/ip firewall nat
add action=dst-nat chain=dstnat dst-address-list="" dst-port=8081 \
    in-interface=ether2 protocol=tcp to-addresses=10.12.12.10 to-ports=8081
add action=dst-nat chain=dstnat disabled=yes dst-address-list="" dst-port=\
    8080 in-interface=ether2 protocol=tcp to-addresses=10.12.12.10 to-ports=\
    8081
add action=dst-nat chain=dstnat dst-address-list="" dst-port=235 \
    in-interface=ether2 protocol=tcp to-addresses=10.12.12.10 to-ports=235
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether2 protocol=tcp \
    to-addresses=10.12.12.10 to-ports=8081
add action=masquerade chain=srcnat dst-address=10.12.12.10 dst-port=80 \
    protocol=tcp src-address=10.12.12.0/24
add action=masquerade chain=srcnat dst-address=10.24.24.100 dst-port=80 \
    protocol=tcp src-address=10.24.24.0/24
add action=masquerade chain=srcnat disabled=yes out-interface=ether2
add action=dst-nat chain=dstnat comment="dvr frank" dst-address=10.8.0.101 \
    dst-port=7070 protocol=tcp to-addresses=192.168.1.20 to-ports=443
add action=dst-nat chain=dstnat comment="dvr frank" dst-address=172.40.40.4 \
    dst-port=39999 protocol=tcp to-addresses=10.70.70.236 to-ports=39999
add action=dst-nat chain=dstnat comment=damiao dst-port=8098 protocol=tcp \
    to-addresses=10.40.0.202 to-ports=443
add action=dst-nat chain=dstnat dst-address=172.40.40.4 dst-port=25 protocol=\
    tcp to-addresses=172.40.40.4
add action=dst-nat chain=dstnat comment="dvr frank" dst-address=172.40.40.4 \
    dst-port=3002 protocol=tcp to-addresses=10.70.70.236 to-ports=3002
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.5.50.0/24
add action=dst-nat chain=dstnat comment="Cameras Babi" disabled=yes \
    dst-address=186.250.20.23 dst-port=3660 protocol=tcp to-addresses=\
    10.0.5.100 to-ports=3660
add action=dst-nat chain=dstnat comment="dvr brejinho g\E1s" disabled=yes \
    dst-address=172.40.40.4 dst-port=34567 protocol=tcp to-addresses=\
    10.70.70.142 to-ports=34567
add action=dst-nat chain=dstnat comment="dvr brejinho g\E1s" disabled=yes \
    dst-address=172.40.40.4 dst-port=803 protocol=tcp to-addresses=\
    10.70.70.142 to-ports=803
add action=dst-nat chain=dstnat comment="dvr brejinho g\E1s" disabled=yes \
    dst-address=172.40.40.4 dst-port=34599 protocol=tcp to-addresses=\
    10.70.70.142 to-ports=34599
add action=dst-nat chain=dstnat comment="Cameras Babi" disabled=yes \
    dst-address=186.250.20.23 dst-port=4550 protocol=tcp to-addresses=\
    10.0.5.100 to-ports=4550
add action=dst-nat chain=dstnat comment="Cameras Babi" disabled=yes \
    dst-address=186.250.20.23 dst-port=5550 protocol=tcp to-addresses=\
    10.0.5.100 to-ports=5550
add action=dst-nat chain=dstnat comment="dvr frank" disabled=yes dst-address=\
    172.40.40.4 dst-port=806 protocol=tcp to-addresses=10.70.70.145 to-ports=\
    8291
add action=dst-nat chain=dstnat dst-address=10.8.0.101 dst-port=5050 \
    protocol=tcp to-addresses=100.100.100.24 to-ports=443
add action=dst-nat chain=dstnat disabled=yes dst-port=80 in-interface=all-ppp \
    protocol=tcp to-addresses=10.12.12.10 to-ports=5128
add action=dst-nat chain=dstnat dst-address=10.8.0.101 dst-port=8686 \
    protocol=tcp to-addresses=172.16.50.6 to-ports=8291
add action=dst-nat chain=dstnat dst-address=10.8.0.101 dst-port=2424 \
    protocol=tcp to-addresses=10.24.24.100 to-ports=8291
add action=dst-nat chain=dstnat comment="REDIRECIONAMENTO DVR TOINHO" \
    dst-port=8195 in-interface=ether2 protocol=tcp to-addresses=10.8.0.102 \
    to-ports=8195
add action=dst-nat chain=dstnat disabled=yes dst-port=5190 in-interface=\
    ether2 protocol=udp to-addresses=10.12.12.10 to-ports=5190
add action=dst-nat chain=dstnat dst-port=554 in-interface=ether2 protocol=tcp \
    to-addresses=10.8.0.102 to-ports=554
add action=redirect chain=dstnat comment="PPPOE ADVERTSING" connection-mark=\
    payment_reminder protocol=tcp to-ports=3128
add action=dst-nat chain=dstnat disabled=yes dst-port=4198 protocol=tcp \
    to-addresses=10.12.12.10 to-ports=8080
add action=dst-nat chain=dstnat dst-address=10.24.24.0/24 dst-address-type=\
    local dst-port=235 protocol=tcp to-addresses=10.70.70.225 to-ports=235
add action=src-nat chain=srcnat disabled=yes dst-address-type=local protocol=\
    tcp src-address=10.12.12.10 to-addresses=10.24.24.0/24
add action=masquerade chain=srcnat disabled=yes out-interface=ether2 \
    src-address=10.12.12.10
add action=netmap chain=srcnat disabled=yes dst-address=10.24.24.0/24 \
    to-addresses=10.12.12.10
add action=dst-nat chain=dstnat dst-port=2121 in-interface=ether2 protocol=\
    tcp to-addresses=10.12.12.10 to-ports=2121
add action=dst-nat chain=dstnat dst-port=5190 in-interface=ether2 protocol=\
    udp to-addresses=10.12.12.10 to-ports=5190
add action=dst-nat chain=dstnat dst-port=7071-7100 in-interface=ether2 \
    protocol=tcp to-addresses=10.12.12.10 to-ports=7071-7100
add action=masquerade chain=srcnat disabled=yes dst-port=235 protocol=tcp \
    src-address=10.12.12.0/24
add action=masquerade chain=srcnat comment="default configuration" \
    to-addresses=0.0.0.0
add action=dst-nat chain=dstnat dst-address=10.8.0.101 dst-port=2323 \
    protocol=tcp to-addresses=10.24.24.1 to-ports=8291
add action=dst-nat chain=dstnat dst-address=10.8.0.101 dst-port=8565 \
    protocol=tcp to-addresses=100.100.100.20 to-ports=8291
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Apache in Mikrotik

Tue Apr 26, 2016 2:24 pm

It's this rule:
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    to-addresses=0.0.0.0
You're masquerading anything, no matter where from or to it goes. If it's the main NAT, then limit it to outgoing connections on the WAN interface (add out-interface=<name of WAN interface>).
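A check for the condition described in the answer above, added here as an example and not part of the original thread: it parses a RouterOS NAT export and reports enabled srcnat masquerade rules that carry no interface or address matcher, which is what makes the web server log the router's address instead of the client's. The function names and the choice of matchers treated as scoping are assumptions of this example.

```python
import re
import shlex

# srcnat matchers that pin a rule to a direction or address set (RouterOS NAT properties).
SCOPING = ("out-interface", "out-interface-list", "src-address", "src-address-list",
           "dst-address", "dst-address-list")

def parse_export(text):
    """Join backslash-continued lines; return one property dict per 'add' rule."""
    joined = re.sub(r"\\\r?\n\s*", "", text)
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("add "):
            pairs = (tok.partition("=") for tok in shlex.split(line[4:]))
            rules.append({key: value for key, _, value in pairs})
    return rules

def unscoped_masquerade(rules):
    """Enabled srcnat masquerade rules with no direction/address matcher set."""
    flagged = []
    for rule in rules:
        if rule.get("chain") != "srcnat" or rule.get("action") != "masquerade":
            continue
        if rule.get("disabled") == "yes":
            continue
        # An empty value such as dst-address-list="" is treated here as unset.
        if not any(rule.get(key) for key in SCOPING):
            flagged.append(rule)
    return flagged

# Rules copied from the export posted in this thread.
SAMPLE = r"""/ip firewall nat
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether2 protocol=tcp \
    to-addresses=10.12.12.10 to-ports=8081
add action=masquerade chain=srcnat dst-address=10.12.12.10 dst-port=80 \
    protocol=tcp src-address=10.12.12.0/24
add action=masquerade chain=srcnat disabled=yes out-interface=ether2
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.5.50.0/24
add action=masquerade chain=srcnat comment="default configuration" \
    to-addresses=0.0.0.0
"""

if __name__ == "__main__":
    for rule in unscoped_masquerade(parse_export(SAMPLE)):
        print("rewrites source of all traffic:", rule)
```

Once the flagged rule is limited with out-interface as the answer suggests, it no longer appears in the output.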
 
geolast
just joined
Topic Author
Posts: 5
Joined: Thu May 07, 2015 9:22 pm

Re: Apache in Mikrotik

Fri Apr 29, 2016 5:31 am

Yeah, it's working now; however, I can't access it with the public IP internally. I tried hairpin and it didn't work.

Note: The WAN interface is connected to another MikroTik.
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Apache in Mikrotik

Fri Apr 29, 2016 2:17 pm

If you try something and it doesn't work, you need to say exactly what you tried, i.e. post the rules. Otherwise nobody can tell if you perhaps tried it wrong or if there might be some other problem. Always provide as many details as possible.
