dns-nat question

Posted: Wed Aug 31, 2016 1:09 pm
by marktomlinson
Hi Guys

I am pretty sure this is documented several times over, however I am unsure of the terminology I am looking for and my searches have left me without an answer.

Essentially, what I am trying to do is set up a dst-nat rule but where the request appears to come from the MikroTik itself and not the original client, this is because the MikroTik is currently not the default gateway for the service it is trying to access.

Mark

Re: dns-nat question

Posted: Wed Aug 31, 2016 6:39 pm
by Sob
You need another srcnat rule for that (in addition to your dstnat rule). Simply set it to match your forwarded packets and use action=masquerade.

Re: dns-nat question

Posted: Wed Aug 31, 2016 10:33 pm
by ZeroByte
> Hi Guys
>
> I am pretty sure this is documented several times over, however I am unsure of the terminology....
FYI - the term for this is "hairpin NAT"


Another solution would be to use the Mikrotik's DNS proxy feature - instead of dstnat to the other server, use action=redirect (which redirects the dst of the request to become the Mikrotik itself). The Mikrotik would then make a DNS query on behalf of the client (using whatever server(s) the router has configured in /IP > DNS) and then give the answer back to the client.
You'd need to make sure "allow remote request" is turned on in /IP DNS, and *BE SURE* that your input firewall filter blocks DNS requests from the Internet itself so that you don't get this router taken over by a dns-amp DDoS attack.
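The two approaches above, written out as one added RouterOS example (this is not configuration from either poster): the dst-nat plus masquerade pair Sob describes, and ZeroByte's redirect alternative together with the input filter he says must accompany it. Interface names, the 192.168.88.0/24 LAN, the router address 192.168.88.1 and the internal DNS server 192.168.88.10 are all assumptions; apply only one of the two dstnat variants.

```routeros
# Added example. Assumed topology: LAN 192.168.88.0/24 on bridge-lan, router LAN
# address 192.168.88.1, WAN on ether1-wan, internal DNS server 192.168.88.10 whose
# default gateway is NOT this router. Every name and address here is an assumption.

# --- Option 1 (Sob's reply): hairpin NAT ----------------------------------------
/ip firewall nat
# Clients send DNS to the router; rewrite the destination to the real server.
add chain=dstnat in-interface=bridge-lan protocol=udp dst-port=53 \
    dst-address=192.168.88.1 action=dst-nat to-addresses=192.168.88.10 to-ports=53 \
    comment="hairpin: DNS/UDP to router -> internal server"
add chain=dstnat in-interface=bridge-lan protocol=tcp dst-port=53 \
    dst-address=192.168.88.1 action=dst-nat to-addresses=192.168.88.10 to-ports=53 \
    comment="hairpin: DNS/TCP to router -> internal server"
# Without these, the server answers the client directly (the router is not its
# gateway) and the reply is never un-NATed. Masquerade makes the query appear to
# come from the router, so the server's reply comes back through the router.
add chain=srcnat src-address=192.168.88.0/24 dst-address=192.168.88.10 \
    protocol=udp dst-port=53 action=masquerade comment="hairpin: masquerade DNS/UDP"
add chain=srcnat src-address=192.168.88.0/24 dst-address=192.168.88.10 \
    protocol=tcp dst-port=53 action=masquerade comment="hairpin: masquerade DNS/TCP"

# --- Option 2 (ZeroByte's reply): let the router's DNS proxy answer ---------------
/ip dns
set allow-remote-requests=yes servers=192.168.88.10
/ip firewall nat
# Any DNS query from the LAN is handed to the router's own resolver instead.
add chain=dstnat in-interface=bridge-lan protocol=udp dst-port=53 \
    action=redirect to-ports=53 comment="LAN DNS -> router resolver"

# --- Mandatory with option 2: do not become an open resolver on the Internet -----
/ip firewall filter
# Keep these above any generic accept rule in chain=input; rule order matters.
add chain=input in-interface=ether1-wan protocol=udp dst-port=53 action=drop \
    comment="drop DNS/UDP from WAN (amplification/open-resolver protection)"
add chain=input in-interface=ether1-wan protocol=tcp dst-port=53 action=drop \
    comment="drop DNS/TCP from WAN"
```

After applying option 1, `/ip firewall connection print` should show the DNS flows with the router's address as source towards 192.168.88.10, which confirms the masquerade is taking effect.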

Re: dns-nat question

Posted: Thu Sep 01, 2016 2:13 pm
by marktomlinson
Thank you for your replies gentlemen - often terminology is my biggest barrier with MikroTik...but I do love the kit!