Community discussions

MikroTik App
 
gigibu5
just joined
Topic Author
Posts: 1
Joined: Sat Dec 26, 2020 12:51 am

NAT loopback/hairpin

Sat Dec 26, 2020 1:17 am

Hello, first of all, I would like to apologize for all my gramatical errors, I'm not a native speaker :D

I'm trying to do some port forwarding, and this is how far i have come. But first, something about my network:

I have a hEX s router and a CSS326 switch. My internet connection is a PPPoE provided by my ISP (dynamic IP). I have 4 subnets:
10.10.10.0/24 - Home
10.10.20.0/24 - Lab
10.10.30.0/24 - Production
10.10.40.0/24 - Guest

Curently, there are no firewall rules on these subnets, but in the future, these should not access each other, except for lab maybe, wich would have access to every network.

I'm trying to do some port forwarding, curently to a machine in my LAB network. I have sucsessfully created a dst-nat rule, so that i can have ssh access from outside my home. But I have a problem, beacuse if I access my external IP from inside the network, the connection isn't established. I have read about NAT hairpin, I have tried about three and none of them seem to work.
My dst-nat now looks like this:
add action=dst-nat chain=dstnat dst-address-list=WAN dst-port=22 protocol=tcp to-addresses=10.10.20.49 to-ports=22
WAN -> address list, that gets my external IP from hostname (using Mikrotiks cloud feature)
As I understand it, everything, that has the external IP and want's to go to port 22, is translated to 10.10.20.49:22 (correct me, if I'm wrong).

Thank you for your help.

Who is online

Users browsing this forum: Bing [Bot] and 201 guests