Community discussions

MikroTik App
 
IgnacioAA
just joined
Topic Author
Posts: 8
Joined: Thu Sep 24, 2020 4:27 pm

portforwarding from lan and from outside lan

Wed May 18, 2022 4:56 pm

Hello, I appreciate the help for the following problem.

I have 3 tablets that connect via Wi-Fi in the same IP range 192.168.1.0/24 of the computers' LAN and they have software that they run and must connect to a server so that it downloads the data and it delivers information .
So do a portforwarding in the router rule and it connects to that server as long as it doesn't connect to the Wi-Fi network.
If these computers then connect to the Wi-Fi service of the router, they cannot connect to the server.
How can I make it so that when it connects to the Wi-Fi network, it connects to the server by DNS address and not by local IP?
What I did was create an openvpn service and assign it a local IP and in this way if it achieves the connection what happens is that in this way the computer sometimes loses the connection because it does not have a good connection.
If someone can help me to carry out the portforwarding and that when I am in the Wi-Fi lan I can find the equipment by this way, I would appreciate solutions.
Thank you.
Greetings
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: portforwarding from lan and from outside lan

Wed May 18, 2022 6:57 pm

You are probably running into hairpin nat scenario.
viewtopic.php?t=179343
 
IgnacioAA
just joined
Topic Author
Posts: 8
Joined: Thu Sep 24, 2020 4:27 pm

Re: portforwarding from lan and from outside lan

Thu Jun 09, 2022 8:04 pm

Help Hairpin nat

Hello, I appreciate the help for the following scenario.

I have configured a 192.168.1.0 lan network in which I have a server at the ip 192.168.1.40 which with the following rule can apply Hairpin nat and addressing by domain name worked for me.
What I needed to solve is that in the web browser I wrote laipdemidominio.com and this from the local lan network could view the server and from outside my network (internet) I could also access by saying that domain.
Now I have the following inconvenience: create a virtual Wi-Fi network with the IP 192.168.10.0 and I want this to be the one that can access the server by typing laipdemidominio.com from that virtual Wi-Fi network and wish outside of it.
And within the local network 192.168.1.0 you can access the server 192.168.1.40 simply by typing the ip and not inserting the domain name laipdemidominio.com.
This case is because I need to segment into some computers that connect with the IP to the server application and the others that are mobile devices can access with the domain name.
I appreciate suggestions.

exampledns= laipdemidominio.com because my public ip is dynamic.

add action=dst-nat chain=dstnat comment="DVR PORT FORWARDING HARPIN NAT" \
dst-address-list=ejemploDns dst-port=80 protocol=tcp to-addresses=\
192.168.1.40 to-ports=80
add action=masquerade chain=srcnat comment="HARPIN NAT" dst-address=\
192.168.1.40 dst-port=80 protocol=tcp src-address=192.168.1.0/24
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: portforwarding from lan and from outside lan

Thu Jun 09, 2022 8:14 pm

Hairpin NAT does not apply to subnets on the local LAN that are different from the LAN the server is on.
What you should ensure is that the virtual wlan has access to the internet in firewall rules.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: portforwarding from lan and from outside lan

Thu Jun 09, 2022 8:14 pm

You shouldn't need to do anything, if the access is allowed from internet and from one local subnet, with usual config it will work also from other local subnets. If it doesn't then you probably don't have usual config. Your dstnat rule is fine, srcnat is not needed for this, so it can be something in /ip firewall filter.

Who is online

Users browsing this forum: Ahrefs [Bot], anav and 33 guests