A beginner here and I have been struggling for weeks now with this issue.
Some time ago I successfully set up port forwarding to access my server from external networks using a domain - let's call it testdomain.com.
I kept the default network configuration 192.168.88.1/24 and the server had a fixed IP 192.168.88.200. Everything worked fine from outside when accessing the domain, but from the LAN I would always be taken to the router login page.
I read dozens of threads, articles and YouTube videos about enabling hairpin NAT, but none of the examples worked for me. I really have no idea why.
Then I read in a couple of threads here that an alternative is to simply put the server on a different subnet/network, so I thought I'd try that.
What I did then was assign Eth3 another network setup, 192.168.90.1/24, give the server the static IP 192.168.90.200, and connect it to that port.
I set up the server's IPv4 to have 192.168.90.1 as gateway and 255.255.255.0 as subnet mask - the internet on the server works and it can see other computers, and other computers which have IP 192.168.88.XXX can also see it.
If I try and access 192.168.90.200 from another PC browser, it correctly opens the website.
Also, I have altered the port forwarding rule in MT to point to the new IP, and now when I am using an external network to access testdomain.com the website is shown correctly.
Buuuut, I still cannot use testdomain.com from any computer on my internal network, for example a PC with IP 192.168.88.101. It still takes me to the MT login page from any of those computers.
If I type 192.168.90.200 instead, it will correctly open the website.
Why is that so, did I miss the point completely, is the server not on separate network yet?
Here are some screenshots and the config:
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.99
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.90.1/24 comment=Servers interface=ether3 network=192.168.90.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="port forward for server" dst-port=80 in-interface-list=WAN protocol=tcp to-addresses=192.168.90.200
add action=masquerade chain=srcnat comment="NAT hairpin" disabled=yes dst-address=!192.168.88.1 src-address=192.168.88.0/24
add action=dst-nat chain=dstnat comment="Hairpin NAT 2" disabled=yes dst-address=192.168.88.1 dst-address-type=local dst-port=80 protocol=tcp to-addresses=192.168.88.200 to-ports=80
/lcd interface pages
set 0 interfaces=sfp1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10
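
Added example, not part of the original post: a small Python lint over an export like the one above. It flags an IP address assigned to an interface that is still a bridge port, and an enabled dst-nat rule limited to in-interface-list=WAN, which never matches requests that arrive from the LAN side. The sample export is a constructed, abridged excerpt, and the function names and finding labels are hypothetical.

```python
import shlex

# Constructed excerpt of a RouterOS export (abridged from the config above).
SAMPLE_EXPORT = '''\
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.90.1/24 comment=Servers interface=ether3 network=192.168.90.0
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="port forward for server" dst-port=80 in-interface-list=WAN protocol=tcp to-addresses=192.168.90.200
add action=dst-nat chain=dstnat comment="Hairpin NAT 2" disabled=yes dst-address=192.168.88.1 dst-port=80 protocol=tcp to-addresses=192.168.88.200
'''

def parse_export(text):
    """Return {menu path: [dict of key=value for each 'add' line]}."""
    menus, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            menus.setdefault(current, [])
        elif line.startswith("add ") and current:
            # shlex keeps quoted values such as comment="port forward for server" whole
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            menus[current].append(dict(pairs))
    return menus

def lint(text):
    """Flag an IP on a bridge port and enabled dst-nat rules that match WAN only."""
    menus, findings = parse_export(text), []
    bridge_ports = {p["interface"] for p in menus.get("/interface bridge port", [])}
    for addr in menus.get("/ip address", []):
        # An address on a bridge port means the subnet is not on its own L3 interface.
        if addr["interface"] in bridge_ports:
            findings.append(("ip-on-bridge-port", addr["interface"], addr["address"]))
    for rule in menus.get("/ip firewall nat", []):
        if rule.get("disabled") == "yes" or rule.get("action") != "dst-nat":
            continue
        # Packets from LAN clients do not arrive on a WAN interface, so this rule is skipped.
        if rule.get("in-interface-list") == "WAN":
            findings.append(("dstnat-wan-only", rule.get("dst-port"), rule.get("to-addresses")))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_EXPORT):
        print(finding)
```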