My current working configuration involves port forwarding + hairpin NAT, allowing me to connect to the server by specifying the exact port:
Code:
[leikoilja@MikroTik Hub] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN log=no log-prefix="" ipsec-policy=out,none
 1    ;;; Hairpin NAT dst
      chain=dstnat action=dst-nat to-addresses=192.168.88.10 to-ports=8123 protocol=tcp dst-port=8123 log=no log-prefix=""
 3    ;;; HomeAssistant Hairpin NAT src
      chain=srcnat action=masquerade protocol=tcp src-address=192.168.88.0/24 dst-address=192.168.88.10 dst-port=8123 log=no log-prefix=""
 5    ;;; Raspberry Pi Hassio
      chain=dstnat action=dst-nat to-addresses=192.168.88.10 to-ports=8123 protocol=tcp dst-address=46.162.106.XX in-interface=all-ethernet dst-port=8123 log=no log-prefix=""
10    ;;; Nginx proxy manager
      chain=dstnat action=dst-nat to-addresses=192.168.88.10 to-ports=80 protocol=tcp in-interface=ether1 dst-port=80 log=no log-prefix=""
11    ;;; Nginx proxy manager
      chain=dstnat action=dst-nat to-addresses=192.168.88.10 to-ports=443 protocol=tcp in-interface=ether1 dst-port=443 log=no log-prefix=""
from LAN https://mydomain.com:8123 and from external https://mydomain.com:8123
Now the problem arises when I want to drop the port and just reach the server using a subdomain like https://sub.mydomain.com
I set up the nginx proxy manager to point at 192.168.88.10:8123 when reached on the subdomain, and it works fine when I access https://sub.mydomain.com from an external network, but it fails to connect when connecting from LAN. I believe I need to redo my hairpin NAT rules, but I can't seem to make it work.
Any help is highly appreciated.
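
Added example (not part of the original post): a simplified Python model of first-match NAT evaluation, run over rules 1, 3, 10 and 11 from the listing above, showing why a LAN request to port 443 never reaches the server while port 8123 does. The public address `203.0.113.10`, the LAN interface name `bridge`, the client addresses and the two `HAIRPIN_*` rule sets are assumptions, not values from the post.

```python
import ipaddress

PUBLIC_IP = "203.0.113.10"    # placeholder; the post masks the real address
SERVER, LAN = "192.168.88.10", ipaddress.ip_network("192.168.88.0/24")

# Rules 1, 10, 11 (dstnat) and 3 (srcnat) from the post, log options dropped.
POSTED = [
    {"chain": "dstnat", "dst-port": 8123},
    {"chain": "dstnat", "in-interface": "ether1", "dst-port": 80},
    {"chain": "dstnat", "in-interface": "ether1", "dst-port": 443},
    {"chain": "srcnat", "src-address": LAN, "dst-address": SERVER, "dst-port": 8123},
]
# Assumed additions (not from the post): match on the public address, not on ether1.
HAIRPIN_DST = [{"chain": "dstnat", "dst-address": PUBLIC_IP, "dst-port": p} for p in (80, 443)]
HAIRPIN_SRC = [{"chain": "srcnat", "src-address": LAN, "dst-address": SERVER, "dst-port": p}
               for p in (80, 443)]

def matches(rule, pkt):
    """A rule matches when every matcher it sets agrees with the packet."""
    for key, want in rule.items():
        if key == "chain":
            continue
        if key == "src-address":
            if ipaddress.ip_address(pkt[key]) not in want:
                return False
        elif pkt[key] != want:
            return False
    return True

def first_match(rules, chain, pkt):
    return next((r for r in rules if r["chain"] == chain and matches(r, pkt)), None)

def trace(rules, pkt):
    """Return 'ok', 'router-input' or 'asymmetric-reply' for one new connection."""
    pkt = dict(pkt)
    if first_match(rules, "dstnat", pkt) is None:
        return "router-input"        # stays addressed to the router, never reaches the server
    pkt["dst-address"] = SERVER      # every dstnat rule here keeps the port and targets the server
    from_lan = ipaddress.ip_address(pkt["src-address"]) in LAN
    if from_lan and first_match(rules, "srcnat", pkt) is None:
        return "asymmetric-reply"    # server answers the client directly; client drops it
    return "ok"

def lan(port):   # "bridge" is an assumed LAN interface name
    return {"in-interface": "bridge", "src-address": "192.168.88.50",
            "dst-address": PUBLIC_IP, "dst-port": port}

def wan(port):   # constructed external client
    return {"in-interface": "ether1", "src-address": "198.51.100.7",
            "dst-address": PUBLIC_IP, "dst-port": port}
```

In this model the posted rules give `ok` for `lan(8123)` and `wan(443)` but `router-input` for `lan(443)`; adding only the dstnat half of the hairpin moves that to `asymmetric-reply`, and both halves are needed for `ok`.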