MikroTik

Posted: **Mon Aug 07, 2006 5:52 pm**

I am having problems accessing my website using their URLs (http://www.mysite.com) from the internal LAN. Is it possible to setup a local loopback to fix the problem?

Tim

Posted: **Mon Aug 07, 2006 7:47 pm**

I don't really see how a reachability problem would be fixed with a loopback, but you can create a pseudo-loopback with an empty bridge (that acts for all intents and purposes as a real loopback, aside from some extra resource consumption).

--Eric

Posted: **Mon Aug 07, 2006 8:36 pm**

What is the best option to solve the problem then?

Posted: **Tue Aug 08, 2006 9:06 am**

why do you think that the router is at fault? reachability problems can be caused by anything, bad cable or server problem. a loopback doesn't have anything to do with browsing and reachability, maybe you mean something else?

Posted: **Tue Aug 08, 2006 9:17 am**

i think he's trying for a nat-on-a-stick config - this is what cisco calls it. Basically he wants to use the public ip on the inside, go out and back in again - which just takes a few nat rules to make it work.

Posted: **Tue Aug 08, 2006 10:38 am**

Yes, that is what I am trying to do. How can it be done with Mikrotik?

Thanks

Tim

Posted: **Tue Aug 08, 2006 5:57 pm**

If you're on the same interface as the server (LAN?) then you need to dst-nat to that machine from the LAN interface ...

Sam

Posted: **Tue Aug 08, 2006 10:32 pm**

Ok, can you give me an example?

Posted: **Tue Aug 08, 2006 10:38 pm**

add chain=dstnat in-interface=0-inside dst-address=ex.ter.nal.ip protocol=tcp \
dst-port=80 action=dst-nat to-addresses=in.ter.nal.ip to-ports=0-65535 \
comment="" disabled=no

I am not using this setup, but something similiar to the above should work. You are basically saying when a packet goes to the public IP:80 and its coming from internal, then dst-nat it to the internal ip.

Sam

Posted: **Wed Aug 09, 2006 3:34 pm**

I am having problems accessing my website using their URLs (http://www.mysite.com) from the internal LAN. Is it possible to setup a local loopback to fix the problem?

Tim

maybe i am misssing something, but i think the static DNS cache entry will help, just assosiate your local website name to the local IP of the site

Posted: **Wed Aug 09, 2006 6:13 pm**

That works well if your using MT dns cache from internally.

Sam

Posted: **Wed Aug 09, 2006 9:39 pm**

Yeah we are using Windows Server for our dns so that is not possible. I tried the fix above but it didn't work.

Tim

Posted: **Mon Aug 21, 2006 6:45 pm**

I am still stuck with this one, the above didn't work.

Tim

Posted: **Thu Aug 24, 2006 10:50 pm**

I have the exact same issue. I can reach my web server from an external source (home computer), but am not able to reach the same web server from within the network after replacing my Netgear VPN router with a freshly installed MikroTik firewall/router. I have a dstnat setup almost exactly as published above and can route traffic to any IP including the MikroTik router at 192.168.168.1, but I can't seem to reach any other IP's/machines on the network from within the network on port 80. I'm stumped!

Posted: **Thu Aug 24, 2006 11:15 pm**

I found the solution through a few posts/links, thank goodness.

This worked for me:

for 192.168.0.98 port 80 protocol tcp example:

ip firewall dst-nat add dst-address=55.155.155.55/32:80 protocol=tcp
action=nat to-dst-address=192.168.0.98

and for the internal network:

ip firewall src-nat add dst-address=192.168.0.98:80 protocol=tcp
action=nat to-src-address=<internal ip of mikrotik>

this will force reply to the mikrotik and not directly to the internal
machine which originated the request.
Also note that dst-address is 192.168.0.98 since the packetes will
have already be DNAT'ed.
Also you should filter the above rule with more filters for example
in-interface should be the lan interface of the mikrotik.

hope this helps.

Found in this thread: http://forum.mikrotik.com//viewtopic.ph ... highlight=

hih

MikroTik

Local Loopback

Local Loopback

Re: Local Loopback