Community discussions

 
PsYcH
just joined
Topic Author
Posts: 19
Joined: Mon Jan 29, 2018 2:22 pm

Hairpin not working

Thu Sep 12, 2019 11:43 am

Hello, so trying to make hairpin in my network for port 2222 which runs on IP 192.168.1.203, but just cant make it work.... Here is my rules:
add action=dst-nat chain=dstnat comment="testinis 2222" disabled=yes dst-port=\
    2222 in-interface=bridge1 protocol=tcp src-address=192.168.1.0/24 \
    to-addresses=192.168.1.203 to-ports=2222
add action=masquerade chain=srcnat dst-address=192.168.1.203 dst-port=2222 \
    out-interface=bridge1 protocol=tcp src-address=192.168.1.0/24
add action=dst-nat chain=dstnat comment="Allow ESXI " dst-port=\
    52960,80,443 in-interface=ether1 protocol=tcp src-address=some public IP \
    to-addresses=192.168.1.200
add action=dst-nat chain=dstnat comment="ESMC" disabled=yes dst-port=\
    2222,2223,3128 in-interface=ether1 protocol=tcp to-addresses=192.168.1.203
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
    out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat comment="RDP" dst-port=3389 \
    protocol=tcp to-addresses=192.168.1.202
add action=dst-nat chain=dstnat comment="RDP" disabled=yes \
    dst-address=88.119.49.142 dst-port=3389 protocol=tcp src-address=\
    192.168.1.0/24 to-addresses=192.168.1.202
add action=add-dst-to-address-list address-list="" address-list-timeout=\
    none-dynamic chain=srcnat disabled=yes dst-address=Some public IP dst-port=\
    3389 log=yes protocol=tcp src-address=192.168.1.12 to-ports=3389
  
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1086
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Hairpin not working

Thu Sep 12, 2019 12:13 pm

Modify this to work as you need it:
https://www.youtube.com/watch?v=_kw_bQyX-3U






(Shameless plug but it DOES work)
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials
 
PsYcH
just joined
Topic Author
Posts: 19
Joined: Mon Jan 29, 2018 2:22 pm

Re: Hairpin not working

Fri Sep 13, 2019 5:08 pm

Modify this to work as you need it:
https://www.youtube.com/watch?v=_kw_bQyX-3U






(Shameless plug but it DOES work)
ok so I have added the rule to the top of my NAT rules:
add action=masquerade chain=srcnat comment="Hairpin" dst-address=\
192.168.1.0/24 src-address=192.168.1.0/24
and it`s not working
 
Sob
Forum Guru
Forum Guru
Posts: 4527
Joined: Mon Apr 20, 2009 9:11 pm

Re: Hairpin not working

Fri Sep 13, 2019 5:30 pm

Even your original config should work (if you enable first rule). So make sure that packets are really passing through router (you can add logging rules in prerouting and postrouting) and if not, see where they are blocked.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1086
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Hairpin not working

Fri Sep 13, 2019 6:15 pm

ok so I have added the rule to the top of my NAT rules:
add action=masquerade chain=srcnat comment="Hairpin" dst-address=\
192.168.1.0/24 src-address=192.168.1.0/24
and it`s not working
You clearly haven't done everything it says to then. There is more than just 1 line of srcnat.
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials
 
PsYcH
just joined
Topic Author
Posts: 19
Joined: Mon Jan 29, 2018 2:22 pm

Re: Hairpin not working

Sat Sep 14, 2019 12:23 pm

ok so I have added the rule to the top of my NAT rules:
add action=masquerade chain=srcnat comment="Hairpin" dst-address=\
192.168.1.0/24 src-address=192.168.1.0/24
and it`s not working
You clearly haven't done everything it says to then. There is more than just 1 line of srcnat.
if heard right, he says that i`m finished if i do have static public IP
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1086
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Hairpin not working

Sun Sep 15, 2019 1:36 pm

if heard right, he says that i`m finished if i do have static public IP
Try watching further the entire video, it needs the port forward rules creating PROPERLY to work.

He / I am quite sure if done properly it will work.
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials

Who is online

Users browsing this forum: No registered users and 16 guests