Hello,



The above picture show how is part of my network.

I have a routerboard 750, with ethernet 2-5 in bridge called LAN AND ether1 for MODEM and a PPPoE interface VELOX-PPPoE (not important?), and I have a Linksys EA2700 in the eth2 and in that linksys I have at eth1 the computer *.39 and eth2 the computer *.36.

well In this RB I have the following dst nat:
ok, so, In my computer "10.0.0.39" I can't load the web page alocated in "10.0.0.36" if I use "http://10.0.0.33:3680", but, if I use any other device that is connected in wireless of linksys I can use this port fowarding without problem.



My question is, why this occur? and if is possible to fix it.

Well *.39 is windows 7, *.36 is ubuntu, *.37 is windows 7

No one can just explain me why that happen?

Your NAT rule is not specific enough, it will catch anything going to port 3680, which is most likely not what you want. Even http://www.google.com:3680 will be redirected to 10.0.0.36:80. It will probably not open the page (if you don't have additional NAT rule), but you could see increasing packet counter for the rule. You should add either dst-address-type=local or dst-address=<your router's ip>. And then search MikroTik's wiki for "hairpin NAT", that's the other rule you need. As for why it works from .37 and not from .39, I'm not sure. Perhaps some other firewall rules not shown here...

Yamash: please add +1 Karma to Sob,
has identified your problem and proposed the solution.

Well, being modest man, I'd say it's probably step in the right direction, but in no way complete explanation. If it already worked for some devices, he must have had hairpin NAT implemented already. But doing it accidentally for only some devices seems strange, so there might be more to it.

In advance, thanks for the help.

I will clarify the question, I have a ubuntu server IP 10.0.0.36 (pitcairn.codex), mikrotik 10.0.0.33 (connor.codex) and 10.0.0.39 (charles.codex).

My topology for that question is:


All ports under a bridge called LAN, ether2 goes to the EA2700 (A BRIDGE) and from that one cable to pitcairn.codex and another to connor.codex. Inside connor.codex I have the following firewall nat rule Well the main propose of having this rule is to access my page behind the NAT of my routerboard from WAN, if I use "mydomain.com:3680" it will redirect to "pitcairn.codex:80".
This is working very well.

If I try inside my network with my Windows 7 computer (charles.codex) it will not work, first, was not working because I've not enabled yet to use "USE IP FIREWALL" (commented above), but after I've enabled it, it still not worked.

But I have checked that any another device in my network (NOT CONNECTED IN THE ETHERNET OF EA2700) (BUT YES AT WLAN) (AND YES AT ANY ANOTHER DEVICE) worked fine.

Today I'm using a RB 2011UAS-2HnD and charles.codex is at eth2 and pitcairn.codex is at eth3 it work fine with the NAT, but, I still want to know, why it don't work if connected both charles.codex and pitcairn.codex at EA2700 bridged?

Is it a problem? this have a mean? is not a problem? I just want to know and if anyone know what I did wrong? or what I can do to avoid/bypass this type of problem?

Thanks for you time, I know that this can be a very stupid ask for you guys but to me still a trouble in my mind!

The explanation should be in your other firewall rules (assuming Linksys is really fully transparent bridge). Because as it is now, we're sure you have working port forward (unnecessarily broad one, but that's not the real problem here). But that by itself, without additional rule, can not work from any computer in your LAN (*1). So it seems you have something on the router already. Also the IP firewall for bridge seems unnecessary, unless you're doing some filtering between ports.

(*1) It's described here and although that's meant for accessing external address from LAN, it's the same for router's internal address. The basic problem is that .39 sends packet to .33, it redirects it to .36, but the source still remains .39 and because it's the same subnet, .36 sends reply directly to .39. But .39 thinks that it communicates with .33 and it does not expect anything from .36, so it does not accept it and connection does not work.

Thank you very much, I was thinking, in my case, it's possible that what was happening when the "Use ip firewall" was activated can be that it was communicating directly inside of the switch of the Linksys, can't be?

-- I read about Hair Pin Nat and put into practice, below the results.

First, I set my block page to works, it worked like a charm. Second, let put it to work with webserver. When I tested this rule every time that I tried to access "http://mydomain.com:3680" I was redirected to RouterBoard (connor.codex) page.
I tried to solve this changing "port or disable" in "IP > Services > http" but that did not worked. (When I did "Ip Service" changes, the page wont load).

I think that is something easy that I'm forgetting, but for real? I didnt realized it what is.

I'm still trying to make this work, anyone can help?

Hair extensions and hairpieces really can help to improve the looking of people and help to change them a lot hair extensions and hairpieces if choosing the right type and right style of hair wigs for you, of course that you will look and become more and more attractive and also buy cheap hair wigs now is easy as you can just get the ideal style that you want online at online shops now. I have just buy me a fringe wigs and it is perfect.

Do you like wigs? then there are so many kinds of mens hair wig,there will always exist one for you.

If you are always have problem with finding one suitable and cute enough hair wigs for yourself ,then you may need to spare your time and come to Hwiriwgsall to have a look for further considerations, since it can be easy for you to do now, and it also won't take long time of you.

If you are always have problem with finding one suitable and cute enough hair wigs for yourself ,then you may need to spare your time and come to Hairwigsall to have a look for further considerations, since it can be easy for you to do now, and it also won't take long time of you.

If you are always looking for one comfortable and suitable synthetic wig, you may need to spend a few minutes to come to have a look before you make decisions.