Community discussions

MikroTik App
 
kneuzgi
just joined
Topic Author
Posts: 22
Joined: Thu Mar 13, 2014 10:33 am

Access own public internet IP from local LAN

Mon Mar 31, 2014 5:20 pm

Hi

I have a dynamic internet ip address from the provider and i've added a port forwarding on my mikrotik router
so that i can access a host behind. From all other network it's working fine but not from the local LAN

I'd like to access from local LAN (192.168.88.x) my dyndns IP address

Actually it's not possible. I guess I have to do some config changes....

Thanks for any help

Regards

Kneuzgi
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: Access own public internet IP from local LAN

Mon Mar 31, 2014 5:43 pm

Have a look at Hairpin NAT:

http://wiki.mikrotik.com/wiki/Hairpin_NAT
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

 
kneuzgi
just joined
Topic Author
Posts: 22
Joined: Thu Mar 13, 2014 10:33 am

Re: Access own public internet IP from local LAN

Mon Mar 31, 2014 6:11 pm

Thanks for this tip

These two lines are in default config:

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="default configuration" out-interface=sfp1-gateway


I've added following:

/ip firewall nat
add chain=srcnat src-address=192.168.88.0/24 \
dst-address=192.168.88.2 protocol=tcp dst-port=80 \
out-interface=all-wireless action=masquerade


but it's not working ....

I guess I'm doing something wrong but I do not know what ??

Any help will be appreciated

Thank you very much
 
francisuk24
newbie
Posts: 28
Joined: Tue Mar 18, 2014 12:10 am
Location: United Kingdom
Contact:

Re: Access own public internet IP from local LAN

Mon Mar 31, 2014 8:35 pm

have a dynamic internet ip address from the provider and i've added a port forwarding on my mikrotik router
so that i can access a host behind. From all other network it's working fine but not from the local LANi
You need to create NAT rule.

Replace 192.168.88.x with your internal IP and port 8081

/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.88.x to-ports=8081 protocol=tcp dst-port=8081
RouterBoard RB750R2, RouterOS Level 4
ISP: Zen Internet via VDSL 2 > 74.68Mb Down / 17.84Mb Up
 
kneuzgi
just joined
Topic Author
Posts: 22
Joined: Thu Mar 13, 2014 10:33 am

Re: Access own public internet IP from local LAN

Thu Apr 03, 2014 6:00 pm

now it's possible to reach my mikrotik router over the public internet address (without going external, means traffic stays in the LAN)

my next problem is that i'd like to access my webcam (external link) over Wifi (internal LAN)

example external URL: mywebcam.dyndns.org:1234 (url with port 1234)
internal url: 192.168.88.22:80 (LAN IP address with default web port 80)

how can I solve that ?

Thanks
 
maomanna
just joined
Posts: 2
Joined: Mon Mar 31, 2014 9:55 am

Re: Access own public internet IP from local LAN

Fri Apr 04, 2014 1:20 am

/ip firewall nat
set chain=dstnat action=dst-nat to-addresses=192.168.88.22 to-ports=88 protocol=tcp dst-address='external ip' dst-port=12340
 
User avatar
j7n
newbie
Posts: 43
Joined: Mon Jan 06, 2014 9:55 pm

Re: Access own public internet IP from local LAN

Fri Apr 04, 2014 10:09 pm

You could avoid having separate port forwarding rules for traffic coming from LAN and WAN, by using "dst-address-type=local" to match the address of any router's interface.
/ip firewall nat
add action=dst-nat chain=dstnat dst-address-type=local dst-port=1234 protocol=tcp to-addresses=192.168.88.22 to-ports=80
dst-port and to-ports don't have to match.

Who is online

Users browsing this forum: Psycho, rjow2021, voltagex and 78 guests