Can't access my dst-nat web service from inside

jonm · Thu Jan 18, 2007 1:45 pm

Mikrotik box, 2 network cards, INSIDE and OUTSIDE. I'm using masquerading to allow the private inside network access to the internet. I'm also using dstnat to map through port 80 to a webserver on the private INSIDE network. Here's the problem I can access the webservice with its OUTSIDE/PUBLIC address just fine from the public internet. However, users on the INSIDE network cannot access it with the public address. Any ideas?? I think it has something to do with the masquerading. Any ideas would really be appreciated!!

Thu Jan 18, 2007 2:09 pm

Please, post your 'DST-NAT' rule, probably it causes issues.

Alternative, 'dns static cache' option to make sure that local web-server is accessible.
Forward DNS request to RouterOS dns cache, add server to static cache.

jonm · Thu Jan 18, 2007 2:24 pm

add chain=dstnat dst-address=205.162.x.x protocol=tcp dst-port=80 action=dst-nat to-addresses=172.16.0.6 to-ports=80

Here is the NAT rule, with the exception that I changed part of the dst-address to conceal the real IP.

savage · Thu Jan 18, 2007 2:38 pm

As far as I know, a masq'ed network can't dst-nat back into the same masq'ed network using masq/dst nat... Not unless more routers are used...

Perhaps there is a config I haven't seen before, but I have experienced this very thing with allot of OSes...

jonm · Thu Jan 18, 2007 2:42 pm

do you think using src-nat without masquerading would work better.
Like this?

add chain=srcnat out-interface=OUT action=src-nat to-addresses=205.162.x.x to-ports=0-65535

maroon · Fri Mar 09, 2007 3:24 pm

i'm facing the same problem
i also tried to src-nat the internal network to a public ip and i still can't access my webserver from the internal network

any help would be appreciated !

Regards,