Hello,
To clarify, this is a home network, and all I'm trying to accomplish is to fix the following:
- "Unable to access your server via the DOMAIN name from the LAN on dynamic wanip"
or
- Set up a rule that every other home router you can buy (any off-the-shelf router from Best Buy) has had built in, out of the box, for the last 15 years: if I forward port 80, I can access it from the LAN using my domain name and dynamic WAN IP.
Testing results 1:
@p3rad0x
/ip firewall nat chain=src-chain src-address=192.168.1.0/24 dst-address=192.168.1.0/24 out-interface=bridge action=masquerade
Doesn't seem to work. "When you say LAN-facing interface, that should include all of them: eth2-4 + wifi-lan", so I've selected bridge.
Still can't access lucasmanual dot com port 80.
Testing Result 2:
@anav
The forum topic describes exactly the problem, thank you! ("unable to access my domain from LAN"), but it has a lot of background details, and at the end it confuses me about which part I need to apply to solve MY problem.
It appears that:
this is supposed to work based on their example, which is the same rule as in test result 1, but it appears it comes with "the problem", which as a web developer I once had the pleasure of debugging. Needless to say, I would like the client to receive the response from the correct dynamic WAN IP. This leads me to believe that in addition to "HAIRPIN NAT Rule Test results 1" I need to add something else? _What_? (I did item 6 in that topic, and it still doesn't work):
quoting from article:
""
add chain=srcnat action=masquerade dst-address=192.168.88.0/24 src-address=192.168.88.0/24
Courtesy of Sob, (the problem):
"- user client 192.168.88.5 wants to connect to
www.myserver.net, resolves hostname, gets 47.123.12.89 and sends initial packet to it
- client doesn't have any idea where 47.123.12.89 is, as far as it knows, it can be on the other side of planet
- dstnat rule changes packet's destination address to 192.168.88.68 and sends it to server
- source address is not changed, it's still 192.168.88.5 <- the problem
- server gets the packet and sends response directly to 192.168.88.5, because it's in same subnet!!
- client throws it away, because it doesn't expect any response from 192.168.88.68
the client is expecting a response from 47.xx
""""
Test Result 3:
Re-Reading the article @anav
It appears that adding a masquerade rule
/ip firewall nat chain=src-chain src-address=192.168.1.0/24 dst-address=192.168.1.0/24 out-interface=bridge action=masquerade
HAS to be followed by modifying the firewall NAT rule that we set up before to forward ports.
Changing (although please correct me if this is not correct, or I'm doing it wrong)
to:
add chain=dstnat action=dst-nat dst-address-type=local dst-address=!192.168.1.1 \
protocol=tcp dst-port=80 to-addresses=192.168.1.10
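
The packet flow from the quoted walkthrough, as an added Python example that is not part of the original post: it models the router's dstnat and connection tracking and shows that the client accepts the reply only when the LAN-to-LAN masquerade is also applied. The router LAN address 192.168.88.1 and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Addresses from the quoted walkthrough; ROUTER_LAN is an assumed router LAN address.
CLIENT, SERVER, WAN_IP = "192.168.88.5", "192.168.88.68", "47.123.12.89"
ROUTER_LAN, LAN = "192.168.88.1", "192.168.88."

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class Router:
    def __init__(self, hairpin_masquerade):
        self.hairpin_masquerade = hairpin_masquerade
        self.conntrack = {}  # translated (src, dst) -> original (src, dst)

    def forward(self, pkt):
        """Apply dstnat, then optionally srcnat, and record the mapping."""
        out = pkt
        if pkt.dst == WAN_IP:                      # dstnat port-forward
            out = Packet(out.src, SERVER)
        if (self.hairpin_masquerade and out.src.startswith(LAN)
                and out.dst.startswith(LAN)):      # srcnat masquerade for LAN -> LAN
            out = Packet(ROUTER_LAN, out.dst)
        self.conntrack[(out.src, out.dst)] = (pkt.src, pkt.dst)
        return out

    def reverse(self, reply):
        """Undo both translations for a reply that matches a tracked connection."""
        orig_src, orig_dst = self.conntrack[(reply.dst, reply.src)]
        return Packet(orig_dst, orig_src)

def trace(hairpin_masquerade):
    """Return (packet seen by server, reply seen by client, client accepts?)."""
    router = Router(hairpin_masquerade)
    request = Packet(CLIENT, WAN_IP)
    seen_by_server = router.forward(request)
    reply = Packet(SERVER, seen_by_server.src)     # server answers the source it saw
    if reply.dst == ROUTER_LAN:                    # reply is addressed to the router
        reply = router.reverse(reply)
    # else: same subnet, so the server delivers straight to the client, bypassing the router
    accepted = (reply.src, reply.dst) == (request.dst, request.src)
    return seen_by_server, reply, accepted

if __name__ == "__main__":
    for flag in (False, True):
        print("masquerade" if flag else "dstnat only", *trace(flag))
```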