For future issues, a one jpeg or snipped is rarely enough information.
Ideally, one provides
a. network diagram
b. full set of use case requirements (what users/devices should be able and should not be able to do, without noting any networking equipment or configuration words).
and finally if nothing else,
the bare minimum you should post is........
C. /export hide-sensitive file=anynameyouwish
As for loopback or hairpin whatever.......
The easisest solution is to put your server(s) on a different subnet.
The issue of hairpin ONLY occurs if the users are:
a. on the same LAN subnet as the server
b. using the external DYDNS name to access the server
Thus in terms of solutions, from my viewpoint the recommendations start with.......
1. put server(s) on a different subnet or VLAN
2. get users to use the actual LANIP of the server, which is more direct anyway.
3. the solution that rextended noted.................. which uses DNS and avoids NAT
4. Other methods of doing hairpin NAT...........
viewtopic.php?f=13&t=175064&p=856786&hi ... at#p856786
Now lets take a closer look at what rextended is proposing.
To put in terms I can understand (guru by volume not by knowledge
)
He basically INTERCEPTS any request by someone ON THE LAN SUBNETS heading towards the public IP via the DOMAIN NAME and redirects that to the server.
This is done by the following IP DNS STATIC rule:
Using the secret code name (NSA approved) of
regexep or something. ITS a funky word that no one has actually explained either stands for, means or does, but now would be a good time for somebody to do so!!
Lets look at the example. LANSUBNET=
88.1 server=
88.68 dyndns domain name=
www.vattelapesca.rex
/ip dns static
add address=192.168.88.68 regexp="(^|www\\.)vattelappesca\\.rex\$" ttl=5m