I have tried this a couple of times but I am never satisfied with my solution; perhaps my situation is different from the guides, so I thought let's ask it here.
Situation
192.168.100.200 runs a webserver (nginx proxy) on port 80 and 443
Code:
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat comment="SERV: HTTP" dst-port=80 in-interface-list=WAN protocol=tcp to-addresses=192.168.100.200 to-ports=80
add action=dst-nat chain=dstnat comment="SERV: HTTPS" dst-port=443 in-interface-list=WAN protocol=tcp to-addresses=192.168.100.200 to-ports=443
Assume 1.1.1.1 is my external IP
I can add the following rules (and they work)
Code:
/ip firewall nat
add action=dst-nat chain=dstnat comment="SERV: HTTP" dst-address=1.1.1.1 dst-port=80 protocol=tcp to-addresses=192.168.100.200 to-ports=80
add action=dst-nat chain=dstnat comment="SERV: HTTPS" dst-address=1.1.1.1 dst-port=443 protocol=tcp to-addresses=192.168.100.200 to-ports=443
According to the wiki (https://wiki.mikrotik.com/wiki/Hairpin_NAT) I should be able to add a rule like:
Code:
/ip firewall nat
add chain=srcnat src-address=192.168.100.0/24 dst-address=192.168.100.200 protocol=tcp dst-port=80,443 out-interface=bridge-local action=masquerade
So: What is the best way to configure hairpin NAT? It would be fantastic if I could have a single rule (with port list or something) for each server I also have port-forwarding for.
edit:
Just to clarify what I want to be able to do, I just want to be able to use
somesite.mydomain.com (80/443 to .220)
someothersite.mydomain.com (80/443 to .220)
gameserverA.mydomain.com (12345 to .123)
foobar.mydomain.com (54321 to .111)