Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Hairpin NAT not working for Minecraft server  [SOLVED]

Post Reply
 
nemoonpc
just joined
Topic Author
Posts: 8
Joined: Thu Jan 23, 2020 6:27 am
Location: Kuala Lumpur, Malaysia

Hairpin NAT not working for Minecraft server

Thu Jan 23, 2020 8:27 pm

I've setup a Minecraft server on my rb2011, my MC server can be accessed outside LAN using DDNS address, but couldn't access from LAN using ddns. Using canyouseeme can see my mc server port. I've set a hairpin nat in my firewall but it doesn't seem to do anything.
Code: Select all
# jan/24/2020 02:26:00 by RouterOS 6.46.2
# software id = RTIL-H9KX
#
# model = 2011UiAS
# serial number = ************
/ip firewall address-list
add address=************.sn.mynetname.net list=WAN-IP
/ip firewall filter
add action=accept chain=input comment=WBremote dst-port=8291 protocol=tcp
add action=accept chain=input comment="defconf: accept established,related,untracked" \
    connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)"
    dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=
    in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy
    out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked
    connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.8.0/24 \
    src-address=172.16.8.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none 
    out-interface-list=WAN
add action=dst-nat chain=dstnat comment="Minecraft Server port from 172.16.8.40" \
    dst-address-list=WAN-IP dst-port=25565 in-interface=pppoe-unifi protocol=tcp \
    to-addresses=172.16.8.40 to-ports=25565
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: Hairpin NAT not working for Minecraft server  [SOLVED]

Fri Jan 24, 2020 1:15 am

It's because of in-interface=pppoe-unifi in dstnat rule (assuming it's your WAN interface), it won't match connections from LAN. Just get rid of it.
Top
Post Reply
  4. RouterOS
  5. Beginner Basics