Replaced my 8-year-old D-Link router with a new RouterBoard running v6.38.5. Got it working, the wifi all set up and secured. The basics are all good to go.
So far I've read the hairpin nat wiki and a few other various posts.
Added 2 nat rules as it specified in the wiki, but the webserver is still being blocked over port 8080. The webserver is configured to run on both 80 and 8080. Using the local ip:80 it comes right up. The local ip:8080, nothing. It also runs a dynamic dns service, and is configured to point to my public ip:8080, since Cox doesn't allow outbound port 80. Incoming 8080 traffic to my internet IP needs to be routed to the webserver on the 192 network, same port 8080.
Tried this rule first:
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=8080 in-interface=ether1 protocol=tcp to-address=192.168.0.200 to-ports=8080
Anyway this didn't work. Then I read the Hairpin nat wiki. It has 2 rules, the first being very similar to the above, with the addition of
dst-address=(my public ip)
and the removal of the
to-ports=8080
for the first rule, and a second rule of
add chain=srcnat out-interface=ether1 action=masquerade
Added the second rule. Still no luck, even on the local ip:8080. I've tried it both with and without the to-ports setting. Doesn't work either way.
So then I found this thread, which looks promising. I am not using PPPoE, so perhaps me copying it nearly verbatim is my issue. Here is my current config after updating the NAT rules:
[admin@MikroTik] > ip firewall nat export
# apr/26/2017 19:49:55 by RouterOS 6.38.5
# software id = T5XA-V4CM
#
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1
add action=masquerade chain=srcnat comment="Hairpin Nat" dst-address=!192.168.0.1 src-address=\
    192.168.0.0/24
add action=dst-nat chain=dstnat comment="8080 Forward to webserver" dst-address=!192.168.0.1 \
    dst-address-type=local dst-port=8080 protocol=tcp to-addresses=192.168.0.200 to-ports=8080
The differences I can see are there is no "in-interface" specified, and the dst-address does not equal entries. Hoping someone can help me get this working.
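
An added example, not part of the original post: a small Python model that parses the NAT export above and reports which rule a new connection would match in dstnat and then in srcnat. The public address 203.0.113.10, the LAN interface name `bridge`, the client addresses and the routing decision are assumptions, and only the matchers that appear in this export are modelled.

```python
import ipaddress, re, shlex

# The export from the post, line continuations included.
EXPORT = r'''/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1
add action=masquerade chain=srcnat comment="Hairpin Nat" dst-address=!192.168.0.1 src-address=\
192.168.0.0/24
add action=dst-nat chain=dstnat comment="8080 Forward to webserver" dst-address=!192.168.0.1 \
dst-address-type=local dst-port=8080 protocol=tcp to-addresses=192.168.0.200 to-ports=8080
'''
ROUTER_IPS = {"192.168.0.1", "203.0.113.10"}  # assumed: LAN gateway + constructed public IP

def parse_rules(export):
    """Join backslash continuations, then turn each 'add' line into a dict."""
    joined = re.sub(r"\\\n\s*", "", export)
    return [dict(t.split("=", 1) for t in shlex.split(l)[1:])
            for l in joined.splitlines() if l.startswith("add ")]

def addr_match(spec, ip):
    """Match an address or CIDR; a leading '!' inverts the result."""
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(ip) in net) != spec.startswith("!")

def matches(rule, pkt):
    checks = {
        "protocol": lambda v: v == pkt["proto"],
        "dst-port": lambda v: int(v) == pkt["dport"],
        "src-address": lambda v: addr_match(v, pkt["src"]),
        "dst-address": lambda v: addr_match(v, pkt["dst"]),
        "dst-address-type": lambda v: v == "local" and pkt["dst"] in ROUTER_IPS,
        "out-interface": lambda v: v == pkt.get("out"),
    }
    return all(checks[k](v) for k, v in rule.items() if k in checks)

def first_match(rules, chain, pkt):
    return next((r for r in rules if r["chain"] == chain and matches(r, pkt)), None)

def trace(rules, src, dst, dport, proto="tcp"):
    """Return (dstnat comment, srcnat comment, final dst, final port) for a new connection."""
    pkt = {"src": src, "dst": dst, "dport": dport, "proto": proto}
    d = first_match(rules, "dstnat", pkt)
    if d:
        pkt["dst"], pkt["dport"] = d["to-addresses"], int(d.get("to-ports", dport))
    # Assumed routing: LAN destinations leave via 'bridge', everything else via ether1.
    pkt["out"] = "bridge" if addr_match("192.168.0.0/24", pkt["dst"]) else "ether1"
    s = first_match(rules, "srcnat", pkt)
    return (d and d["comment"], s and s["comment"], pkt["dst"], pkt["dport"])

if __name__ == "__main__":
    rules = parse_rules(EXPORT)
    print(trace(rules, "192.168.0.50", "203.0.113.10", 8080))  # LAN client via public IP
    print(trace(rules, "198.51.100.7", "203.0.113.10", 8080))  # Internet client
```

A trace only shows which rules the router would apply to the connection; whether the web server itself answers on port 8080 is a separate check.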