Community discussions

 
bedamusa
just joined
Topic Author
Posts: 7
Joined: Sat Sep 03, 2016 8:39 pm

Hairpin nat two wan Not working

Mon Nov 11, 2019 12:19 am

Hi all,

I have RB433AH with successfully work fileover and forwarded wan1 port to a web server at 192.168.2.80. It is reachable from outside the LAN using domain name and IP. I want to reach the real address and domain name from the LAN using Hairpin NAT but not working. This is my firewal rules.

Code: Select all

/ip firewall filter
add action=fasttrack-connection chain=forward comment=FastTrack \
connection-state=established,related
add action=accept chain=forward comment="Established, Related" \
connection-state=established,related
add action=accept chain=forward comment="allow DNAT" connection-nat-state=\
dstnat
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
log=yes log-prefix=invalid
add action=accept chain=input comment="default configuration" \
connection-state=established,related
add action=accept chain=input src-address-list=mgmt
add action=accept chain=input protocol=icmp
add action=drop chain=input in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="Harpin NAT" \
dst-address=192.168.2.80 dst-port=80 \
protocol=tcp src-address=192.168.2.0/24
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat comment="Web for test" dst-address=\
1.1.1.1 dst-port=80 protocol=tcp to-addresses=192.168.2.80 to-ports=\
92
Hope someone has an idea where the problem is Thanks!
 
Sob
Forum Guru
Forum Guru
Posts: 4784
Joined: Mon Apr 20, 2009 9:11 pm

Re: Hairpin nat two wan Not working

Mon Nov 11, 2019 12:50 am

You posted only part of your config, so I can't tell for sure, but the usual problem is when routing is marked for some packets, they no longer use main routing table and then don't see even locally connected networks. Solution is to either exclude something from marking, or use routing rules to lookup local networks only in main routing table.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
bedamusa
just joined
Topic Author
Posts: 7
Joined: Sat Sep 03, 2016 8:39 pm

Re: Hairpin nat two wan Not working

Tue Nov 12, 2019 1:04 am

Which part should I put in order for the problem to be understood?
 
Sob
Forum Guru
Forum Guru
Posts: 4784
Joined: Mon Apr 20, 2009 9:11 pm

Re: Hairpin nat two wan Not working

Tue Nov 12, 2019 10:15 pm

If you're not sure, whole config is good choice. But if it's what I think, "/ip route" and "/ip firewall mangle" could be enough.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.

Who is online

Users browsing this forum: MSN [Bot] and 28 guests