I've setup a dstnat to access a webserver behind the router from the internet. Something is wrong.
Layout is:
internet
|
ISP router
Port forwarding setup for port 80, 1194 to mikrotik's 'WAN' IP.
|
192.168.0.0 subnet
|
mikrotik router, WAN: 192.168.0.27
|
internal subnets, see attached rsc
webserver running at 10.1.111.2
See also the dstnat config in the rsc:
Code: Select all
add action=dst-nat chain=dstnat comment="HTTP serving" dst-port=80 \
in-interface-list=WAN log=yes protocol=tcp to-addresses=10.1.111.2
The webserver is accessible from a 10.1.0.0 client.
The webserver can access the internet fine. Generally internet access works fine.
The webserver is INaccessible from a 192.168.0.0 client. Requesting http://192.168.0.27.
Of course then the webserver is INaccessible from the internet.
openvpn access from the internet works fine.
When trying to access the ISP routers WAN IP, port 80, the mikrotik NAT "HTTP serving" rule counter increases, so the router gets the packet.
The LOG has an entry:
Code: Select all
Message dstnat: in:ether1 out:(unknown 0), connection-state:new src-mac ****, proto TCP (SYN), 45.134.144.212:47012->192.168.0.27:80, len 40