Mainacety
just joined
Topic Author
Posts: 2
Joined: Thu Mar 26, 2020 9:51 pm

Cannot Access Server Without SRCNAT

Thu Mar 26, 2020 10:40 pm

Hi everyone!

I'm kind of new to the MikroTik universe, so I'm trying to do my best learning its functionalities. :)

Anyway, I'm using a GLPI server inside my network. Before, I applied a simple port forwarding on port 80 with an OpenWRT router, so my remote PCs connected to the server displayed their WAN IP and I could identify them.

Since I replaced it with my up-to-date RouterOS, neither I nor my remote UC can connect to my server from the outside with an IP forwarding rule. I now need to add a srcnat chain masquerade rule to get connected. With the source IP being NAT'ed to a local address, every UC registered within my server is now displaying my RouterOS IP instead of its own WAN IP.

I checked my server (Debian) to see if it suddenly turned into a xenophobic server concerning WAN requests, but everything's clear.

How could I resolve the problem according to you?

I'll post the /ip rules tomorrow, but I'll be glad to read your suggestions in the meantime. :)
 
bpwl
Member Candidate
Posts: 269
Joined: Mon Apr 08, 2019 1:16 am

Re: Cannot Access Server Without SRCNAT

Fri Mar 27, 2020 9:56 pm

Limit the srcnat to the WAN-egress (WAN outgoing) traffic only, not for traffic to the LAN/server. Or limit the srcnat to the server source only.
WAN incoming traffic (your remote PC) should not be srcnat-ted.

See 5.2.1 in https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT
 
Mainacety
just joined
Topic Author
Posts: 2
Joined: Thu Mar 26, 2020 9:51 pm

Re: Cannot Access Server Without SRCNAT

Sat Mar 28, 2020 5:16 am

Thank you.

Just before reading your answer, I managed to access my Winbox and understood how to solve my problem.

My firewall rule concerning my server was not working simply because of its place in the list...

So I added a Forward Chain rule in the firewall for the requested port, placed it higher up in the rule list, and then added the usual NAT rule with the dstnat chain to my server.

Now it's working fine!

Thank you for your answer. :)
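
The two points raised in this thread (scoping srcnat to WAN egress, and placing the forward accept rule above the rules that block it), written out as RouterOS commands. This is an added example, not configuration posted by either participant; the interface name `ether1-wan`, the server address `192.168.88.10` and the rule comments are assumptions.

```routeros
# Constructed example. Assumed names: ether1-wan = WAN interface,
# 192.168.88.10 = GLPI server on the LAN.

# Too broad: with no out-interface matcher, masquerade also rewrites the
# source of WAN -> server connections, so the server only ever sees the
# router's LAN address and per-client identification in its logs is lost.
# /ip firewall nat add chain=srcnat action=masquerade

/ip firewall nat
# Masquerade only traffic that leaves through the WAN interface.
add chain=srcnat out-interface=ether1-wan action=masquerade \
    comment="LAN to internet"
# Forward inbound TCP/80 to the server. Only the destination is rewritten,
# so the client's public source address reaches the server unchanged.
add chain=dstnat in-interface=ether1-wan protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=80 \
    comment="GLPI port forward"

/ip firewall filter
# Accept the forwarded connection. Filter rules are evaluated top to
# bottom and the first match wins, so this rule has to sit above any
# drop rule in the forward chain (position it with place-before= when
# adding, or with "move" afterwards).
add chain=forward in-interface=ether1-wan protocol=tcp \
    dst-address=192.168.88.10 dst-port=80 connection-nat-state=dstnat \
    action=accept comment="allow forwarded GLPI traffic"

# Verify rule order and that the counters increase on a test connection.
/ip firewall filter print stats where chain=forward
/ip firewall nat print stats
```

After a test connection from outside, the web server's access log should show the client's public address rather than the router's.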
