I have services inside the LAN that are accessible using NAT, including mail servers. They work as normal from the outside world, but the time has come when I need them to communicate with each other. Unfortunately, it's not enough to just use MikroTik's own DNS service to indicate their LAN IP addresses; there must also be MX records, etc. So one mail server is required to access another mail server using the WAN IP address instead. How can I do this?
Right now, I'm differentiating traffic by incoming WAN IP address and interface, like:
add action=dst-nat chain=dstnat comment="Email service to Server 1" dst-address=10.10.10.10 \
dst-port=25,110,993,995,143,587,465 in-interface=ether2 protocol=tcp \
to-addresses=192.168.10.10
add action=dst-nat chain=dstnat comment="Email service to Server 2" dst-address=20.20.20.10 \
dst-port=25,110,993,995,143,587,465 in-interface=ether2 protocol=tcp \
to-addresses=192.168.20.10
Besides mail services, they also act as web servers. So they also can't reach each other through WAN IP addresses; I have to exclusively set the LAN IP address in the DNS server for each individual website I want to access from either machine, for example 192.168.10.10 IN A websitedomain.com, etc.
Thanks!!