Community discussions

MikroTik App
 
olivernash
just joined
Topic Author
Posts: 2
Joined: Sat May 16, 2020 6:38 pm

Port Forwarding Issue - Unable to access from LAN

Mon May 25, 2020 2:25 am

Hi all,

I'm new to Mikrotik kit and have so far managed to replicate the configuration held on our old Draytek kit and all appears to be working fine. VPN, VLAN's you name it - all work perfectly.

So then I moved onto port forwarding, which I (perhaps naively) thought would be simple. But I'm having an issue.

I've set up dstnat and forwarded the appropriate port to a LAN IP. I can access the server via the LAN IP when connected to the LAN, but when I try connecting via the WAN IP via a PC connected to the LAN it just times out. If I try and connect to the server via the WAN IP from a separate cellular connection it works perfectly.

So it appears there's a configuration issue that's stopping me accessing WAN resources over certain ports. I'm almost certain it's firewall related but after spending a fair bit of time researching and attempting trial and error solutions I'm at a loss as to exactly how to resolve this.

Any guidance you can offer would be greatly appreciated!

Many thanks,

Ollie
 
User avatar
evince
Member
Member
Posts: 355
Joined: Thu Jul 05, 2012 12:11 pm
Location: Harzé - Belgique
Contact:

Re: Port Forwarding Issue - Unable to access from LAN  [SOLVED]

Mon May 25, 2020 11:01 am

Hello,

Take a look here : https://wiki.mikrotik.com/wiki/Hairpin_NAT

Regards,
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Port Forwarding Issue - Unable to access from LAN

Mon May 25, 2020 11:19 am

You can solve this in two ways.

If you have an internal DNS server, add your full host name to it with internal IP. Inside user then points directly to inside server IP, and outside user points to outside public IP
+ traffic goes directly to your inside server for inside clients
- needs an internal DNS
- needs to add one and one host if you have multiple hosts

Or you can do as evince writes, use hairpin nat that will send the packet to the internal IP even if DNS point to your outside IP.
+ works for all situation in on go
- traffic passes trough your router for inside clients going to inside server.
- little more complicated to setup compare to DNS
 
olivernash
just joined
Topic Author
Posts: 2
Joined: Sat May 16, 2020 6:38 pm

Re: Port Forwarding Issue - Unable to access from LAN

Mon May 25, 2020 8:43 pm

Thanks so much both of you! Just implemented hairpin NAT and that's solved the problem :D

Who is online

Users browsing this forum: concretegolem, DoryIII and 20 guests