Community discussions

MikroTik App
 
yakcora
newbie
Topic Author
Posts: 25
Joined: Sun Mar 04, 2007 9:22 am

web server behind mikrotik internal userscannot browse site

Tue Jul 07, 2009 6:55 am

Hi

I have a web server behind a Mikrotik hosting http://www.xyz.com
people can browse the http://www.xyz.com if they are OUTSIDE my network
but no one can browse the http://www.xyz.com if they come in to my network

if I do not define the out-interface on masquerade it works but then a whole new box of baaaad stuff happens with other stuff

here is my setup
dsl with dynamic ip with changeip service
my mikrotik web interface is on port 88

add disabled=no interface=eth1-LAN type=internal
add disabled=no interface=eth3-DSL type=external

add action=dst-nat chain=dstnat disabled=no dst-port=80 in-interface=eth3-DSL protocol=tcp to-addresses=192.168.99.250
add action=dst-nat chain=dstnat disabled=no dst-port=80 in-interface=eth1-LAN protocol=tcp to-addresses=192.168.99.250

add action=masquerade chain=srcnat disabled=no out-interface=eth3-DSL

Oh I have only one IP ...
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8465
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: web server behind mikrotik internal userscannot browse site

Wed Jul 08, 2009 12:51 am

four solutions, the first one is the best =)

1) you may use split-DNS, so that your internal users receive server's internal address
2) you may use web-proxy in MT, just set static entry in /ip dns for your sitename and internal address
3) move your server's address to another IP subnet
4) simply add src-nat rule, as you cannot dst-nat to the same subnet

p.s. yahooo!!! it's my 2009'th post on The Forum :D
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.

Who is online

Users browsing this forum: Baidu [Spider], Bing [Bot] and 99 guests