hello
I do have 2 web services that I would like to be avaialble locally with the external IP
i read that its possible by running the following procedure
https://wiki.mikrotik.com/wiki/Hairpin_NAT
I do have dynamic IP on the WAN interface, what should be the right firewall nat rules that I should assign?
i understand that i will need two rules one for chain dstnat with the external ip address that will go through the ether1 (wan) interface and one for accessing dst-address locally
is it right?
tnx in advance
Re: Hairpin NAT
viewtopic.php?f=2&t=162869&p=802503#p802503
The basics for loopback or hairpin nat with dynamic wanip are.
1. add extra masquerade rule (also needed for fixed/static wanip)
2. modify dstnat rule according to method desired (no change required for fixed/static wanip)
3. ensure fw forward chain rules allow dstnat (also needed for fixed/statck wanip)
The basics for loopback or hairpin nat with dynamic wanip are.
1. add extra masquerade rule (also needed for fixed/static wanip)
2. modify dstnat rule according to method desired (no change required for fixed/static wanip)
3. ensure fw forward chain rules allow dstnat (also needed for fixed/statck wanip)
Re: Hairpin NAT
is it enough?
Code: Select all
/ip firewall nat
add chain=dstnat dst-address=x.x.x.x protocol=tcp dst-port=xxxx \
action=dst-nat to-address=x.x.x.x
add chain=srcnat out-interface=ether1 action=masquerade
/ip firewall nat
add chain=dstnat dst-address=x.x.x.x protocol=tcp dst-port=x.x.x.x \
action=dst-nat to-address=x.x.x.x
add chain=srcnat out-interface=ether1 action=masquerade
Re: Hairpin NAT
If you have 2 servers which both serve web services on the same port then there is no way for router to decide what server send incoming connection traffic to.
Harpin just lets to access local resource via external IP from LAN but the problem is the same: which server should receive packets send to service visible at external_public_ip:80 address?
Harpin just lets to access local resource via external IP from LAN but the problem is the same: which server should receive packets send to service visible at external_public_ip:80 address?
Re: Hairpin NAT
Not even close.
Unless you know what you are actually putting down in the config, probably best to read and learn more prior to doing so.
Did you read my post or check out the Youtube video link for example..............
Unless you know what you are actually putting down in the config, probably best to read and learn more prior to doing so.
Did you read my post or check out the Youtube video link for example..............
Re: Hairpin NAT
i didnt say on the same port...If you have 2 servers which both serve web services on the same port then there is no way for router to decide what server send incoming connection traffic to.
Harpin just lets to access local resource via external IP from LAN but the problem is the same: which server should receive packets send to service visible at external_public_ip:80 address?
Re: Hairpin NAT
Yes I did, what is wrong in what I wrote?Not even close.
Unless you know what you are actually putting down in the config, probably best to read and learn more prior to doing so.
Did you read my post or check out the Youtube video link for example..............
