Community discussions

MikroTik App
  4. RouterOS
  5. General

Hairpin NAT not working on RouterOS 6 line WAN load balancing

Post Reply
 
vanthoi
just joined
Topic Author
Posts: 7
Joined: Sun Jan 06, 2019 6:12 pm

Hairpin NAT not working on RouterOS 6 line WAN load balancing

Mon Jan 07, 2019 5:14 am

I am having problems with my RouterOS. I have 6 WAN lines. I have run load balancing mode. Everything works very stable. It's just that I'm trying to NAT some things that don't work as expected.

The first is about Hairpin NAT.
I tried nat according to the instructions on the wiki. But somehow it doesn't work in internal LAN. This is my NAT configuration:
Code: Select all
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.10 dst-port=5060 out-interface=LAN protocol=udp src-address=172.16.0.0/22 to-ports=5060
add action=dst-nat chain=dstnat dst-address=ip-of-wan3 dst-port=5060 protocol=udp to-addresses=172.16.0.10 to-ports=5060

add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.35 dst-port=443 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=443
add action=dst-nat chain=dstnat dst-address=ip-of-wan2 dst-port=443 protocol=tcp to-addresses=172.16.0.35 to-ports=443
The second is about NAT out on a fixed WAN IP line. Sometimes it works, sometimes it doesn't work. This is my NAT configuration:
Code: Select all
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.5 dst-port=4370 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4370
add action=dst-nat chain=dstnat comment="CHAM CONG T1" dst-address=ip-of-wan4 dst-port=4370 protocol=tcp to-addresses=172.16.0.5 to-ports=4370
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.6 dst-port=4371 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4371
add action=dst-nat chain=dstnat comment="CHAM CONG T2" dst-address=ip-of-wan4 dst-port=4371 protocol=tcp to-addresses=172.16.0.6 to-ports=4371
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.7 dst-port=4372 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4372
add action=dst-nat chain=dstnat comment="CHAM CONG T3" dst-address=ip-of-wan4 dst-port=4372 protocol=tcp to-addresses=172.16.0.7 to-ports=4372
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.8 dst-port=4373 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4373
add action=dst-nat chain=dstnat comment="CHAM CONG T4" dst-address=ip-of-wan4 dst-port=4373 protocol=tcp to-addresses=172.16.0.8 to-ports=4373
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.35 dst-port=443 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=443
In this case, "CHAM CONG T1" and "CHAM CONG T4" are already active. But the remaining 2 ip does not work.
Top
 
vanthoi
just joined
Topic Author
Posts: 7
Joined: Sun Jan 06, 2019 6:12 pm

Re: Hairpin NAT not working on RouterOS 6 line WAN load balancing

Thu Jan 10, 2019 5:40 am

Can anyone support me this problem.
Thank you!
Top
 
ivicask
Member
Member
Posts: 425
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: Hairpin NAT not working on RouterOS 6 line WAN load balancing

Thu Jan 10, 2019 10:59 am

Can anyone support me this problem.
Thank you!
For me doesnt work without this rule also

add action=masquerade chain=srcnat comment=HAIRPIN dst-address=192.168.1.0/24 out-interface=LAN src-address=192.168.1.0/24

Change ips and out interface to match your network.
Top
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: Hairpin NAT not working on RouterOS 6 line WAN load balancing

Thu Jan 10, 2019 11:05 am

Hey. If all your rules are identical, maybe your PCs has some firewall rules that blocking your traffic? Like CHAM CONG T2 and CHAM CONG T3.
Last edited by Anumrak on Thu Jan 10, 2019 11:08 am, edited 1 time in total.
Top
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: Hairpin NAT not working on RouterOS 6 line WAN load balancing

Thu Jan 10, 2019 11:07 am

Can anyone support me this problem.
Thank you!
For me doesnt work without this rule also

add action=masquerade chain=srcnat comment=HAIRPIN dst-address=192.168.1.0/24 out-interface=LAN src-address=192.168.1.0/24

Change ips and out interface to match your network.
He have this rule already
Code: Select all
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.6 dst-port=4371 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4371
Top
 
ivicask
Member
Member
Posts: 425
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: Hairpin NAT not working on RouterOS 6 line WAN load balancing

Thu Jan 10, 2019 11:25 am

Can anyone support me this problem.
Thank you!
For me doesnt work without this rule also

add action=masquerade chain=srcnat comment=HAIRPIN dst-address=192.168.1.0/24 out-interface=LAN src-address=192.168.1.0/24

Change ips and out interface to match your network.
He have this rule already
Code: Select all
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.6 dst-port=4371 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4371
yes, but he should change it like i have it for test, like 172.16.0.0/24 for both dst and src adress without any ports rule before other dstnat rules
Top
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: Hairpin NAT not working on RouterOS 6 line WAN load balancing

Thu Jan 10, 2019 11:34 am

Can anyone support me this problem.
Thank you!
For me doesnt work without this rule also

add action=masquerade chain=srcnat comment=HAIRPIN dst-address=192.168.1.0/24 out-interface=LAN src-address=192.168.1.0/24

Change ips and out interface to match your network.
He have this rule already
Code: Select all
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.6 dst-port=4371 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4371
yes, but he should change it like i have it for test, like 172.16.0.0/24 for both dst and src adress without any ports rule before other dstnat rules
I have well working rule in my net, so it is not necessary to dstnat the subnet. And he said all rules are working except 2 hosts. So it should be problem in hosts themselves.
Top
 
ivicask
Member
Member
Posts: 425
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: Hairpin NAT not working on RouterOS 6 line WAN load balancing

Thu Jan 10, 2019 11:42 am

Can anyone support me this problem.
Thank you!
For me doesnt work without this rule also

add action=masquerade chain=srcnat comment=HAIRPIN dst-address=192.168.1.0/24 out-interface=LAN src-address=192.168.1.0/24

Change ips and out interface to match your network.
He have this rule already
Code: Select all
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.6 dst-port=4371 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4371
yes, but he should change it like i have it for test, like 172.16.0.0/24 for both dst and src adress without any ports rule before other dstnat rules
I have well working rule in my net, so it is not necessary to dstnat the subnet. And he said all rules are working except 2 hosts. So it should be problem in hosts themselves.
But than it wouldnt even work directly by ip if its firewall problem on them, which i asume it works, and mikrotik redirects to IP so it has nothing to do with DNS or firewall on those computers also.

Right?

Super easy test is to turn off firewall on one pc and see if it works.
Top
 
vanthoi
just joined
Topic Author
Posts: 7
Joined: Sun Jan 06, 2019 6:12 pm

Re: Hairpin NAT not working on RouterOS 6 line WAN load balancing

Fri Jan 11, 2019 4:24 pm

Sorry guys. I solved the problem. This stupid error because I configured false load balancing. So they had mixed packets together. Causing troublesome errors on. Thank you for your help! By the way, can you ask me? How do I only allow ip or a certain url, only go on a single WAN?
Top
Post Reply

Who is online

Users browsing this forum: Amazon [Bot], erlinden, Google [Bot], k6ccc, karhill, xrlls and 114 guests
  4. RouterOS
  5. General