phineas
just joined
Topic Author
Posts: 2
Joined: Mon Aug 01, 2022 1:06 am

Accessing Forwarded port via A name when on network

Mon Aug 01, 2022 1:16 am

Hi all,

This seems like it has a simple solution yet I can't seem to figure it out.

Just some context to my setup: I often have to remotely turn on my PC at home, so I set up a WOL script on a RPi on my network which I trigger with an SSH shortcut on my iPhone. To be able to access the IP I have an A name set up and the RPi updates the DNS record. This works perfectly when I am not on my home network, but when I am on my home network and I trigger it, the connection is refused and the following is recorded in the MikroTik's logs: "dstnat: in:bridge1 out:(unknown 0), src-mac be:61:**:**:**:**, proto TCP (SYN), phone_ip:55033->home_ip:pi_ssh_port, len 64"

In terms of config my Rb5009 is laid out very simply, Port 2-4 make up bridge1 which is my LAN and then port 5 is used as the WAN port for the feed from my ONT.

Just hoping someone can point me in the right direction. I went the route of adding a static DNS entry but that doesn't seem to be the answer.

I've got a very barebones firewall setup as can be seen below.

/ip firewall filter
add action=accept chain=input comment="accept established,related,untracked" \
    connection-state=established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="accept ICMP" protocol=icmp
add action=drop chain=input comment="drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="accept established,related, untracked" \
    connection-state=established,related,untracked
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=accept chain=forward comment="accept in ipsec policy" ipsec-policy=\
    in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" ipsec-policy=\
    out,ipsec
add action=drop chain=forward comment="drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat comment=PiSSH dst-port=pi_ssh_port log=yes protocol=\
    tcp to-addresses=pi_ip to-ports=pi_ssh_port

Thanks in advance
 
tdw
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Accessing Forwarded port via A name when on network

Mon Aug 01, 2022 3:56 am

See https://help.mikrotik.com/docs/display/ ... HairpinNAT. Static DNS so internal and external lookups return corresponding internal and external addresses as an alternative should be fine too.
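The two options named in the reply above, written out as an added example that is not part of the original thread: the LAN subnet 192.168.88.0/24, Pi address 192.168.88.10, port 2222 and name pi.example.com are constructed placeholders standing in for the poster's lan subnet, pi_ip, pi_ssh_port and A record.

```routeros
# Added example. All addresses, the port and the host name are constructed
# placeholders, not values from the thread.

/ip firewall nat
# The port forward from the post, with placeholder values filled in.
# It already matches LAN clients (the log line shows in:bridge1), so the
# destination is rewritten to the Pi correctly.
add action=dst-nat chain=dstnat comment=PiSSH dst-port=2222 log=yes \
    protocol=tcp to-addresses=192.168.88.10 to-ports=2222

# Option 1: hairpin NAT.
# Without this rule the Pi sees the phone's LAN address as the source and
# answers it directly over the bridge. The phone opened its connection to
# the public address, so a reply arriving from 192.168.88.10 matches no
# socket and the session never establishes.
# Masquerading LAN-to-Pi traffic makes the Pi answer the router instead,
# and connection tracking reverses both translations on the way back.
add action=masquerade chain=srcnat comment="hairpin NAT for PiSSH" \
    src-address=192.168.88.0/24 dst-address=192.168.88.10 protocol=tcp \
    dst-port=2222 out-interface=bridge1

# Option 2: split DNS instead of hairpin NAT.
# LAN clients resolve the name to the Pi's internal address and connect to
# it directly, so no NAT rule is involved. This only works when the clients
# actually use the router as their resolver and the Pi listens on the same
# port that is forwarded externally (true here: dst-port equals to-ports).
/ip dns static
add name=pi.example.com address=192.168.88.10 comment="internal view of the A record"
```

With option 1, sshd on the Pi logs the router's LAN address as the client for hairpinned sessions, so per-client source information for internal logins is lost; option 2 keeps the real client address in those logs.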
 
phineas
just joined
Topic Author
Posts: 2
Joined: Mon Aug 01, 2022 1:06 am

Re: Accessing Forwarded port via A name when on network

Mon Aug 01, 2022 11:46 am

That was it!
Thanks so much
