Hi I'm working in small company and we've got Mikrotik with RouterOS v6.46.6. Everything works fine but I've got one question.
I have a second www address redirected to our public IP address and when you enter this address in the browser, it will take you to the webfig mikrotik page instead of main company page.
Is there any way to redirect that adress to main page?
Re: Redirect from webfig
It is possible, but it's not very straight forward.
I'll assume a few things:
So what you can do is to change DST NAT rule so that it filters on WAN IP address rather than WAN interface (list). Additionally you have to implement hairpin NAT (it includes additional SRC NAT rule). However, this will disable access to webfig. (There are still two other possibilities to administer router: CLI via ssh and GUI using winbox, neither depend on how port 80 is handled by router).
If you want to keep webfig as management access, then you could craft DST NAT so that one management host on LAN (or a few) could access webfig but those couldn't access company's web page. It's either one of them, can't be both.
It's impossible to write needed configuration changes without first knowing exact current config of router. If you wish to get further assistance, post config (text export, obtained using CLI command /export hide-sensitive file=anynameyouwish ... remove any remaining sensitive infromation, such as public IP address(es), serial number, any passwords, ...)
There are other possibilities, but they (likely) involve dealing with other services (e.g. split DNS).
I'll assume a few things:
- company's main page FQDN points at router's WAN IP address
- there's a DST NAT rule which forwards access to port 80 from WAN interface to actual web server, which is hosted on a LAN server
- you're trying to access company's web page from a LAN computer and that computer resolves FQDN to WAN IP address
So what you can do is to change DST NAT rule so that it filters on WAN IP address rather than WAN interface (list). Additionally you have to implement hairpin NAT (it includes additional SRC NAT rule). However, this will disable access to webfig. (There are still two other possibilities to administer router: CLI via ssh and GUI using winbox, neither depend on how port 80 is handled by router).
If you want to keep webfig as management access, then you could craft DST NAT so that one management host on LAN (or a few) could access webfig but those couldn't access company's web page. It's either one of them, can't be both.
It's impossible to write needed configuration changes without first knowing exact current config of router. If you wish to get further assistance, post config (text export, obtained using CLI command /export hide-sensitive file=anynameyouwish ... remove any remaining sensitive infromation, such as public IP address(es), serial number, any passwords, ...)
There are other possibilities, but they (likely) involve dealing with other services (e.g. split DNS).