Community discussions

MikroTik App
  4. RouterOS
  5. General

routing problem on 2.8.22, can't access own site from local

Post Reply
 
wenlee
just joined
Topic Author
Posts: 4
Joined: Fri Dec 31, 2004 11:36 pm

routing problem on 2.8.22, can't access own site from local

Sat Jan 01, 2005 12:11 am

hi, :(

I have a weird problem, and driving me crazy. I set up 2 interfaces one to external, one is local. I also have 3 public IPs assign on router.

I change www port on the router to 1024 for remote terminal.
the router has the following IPs(pub)
1.1.1.3
1.1.1.4
1.1.1.5
and
192.168.3.1(local).

I src-nat all local to 1.1.1.3. and dst-nat 1.1.1.4:80 to 192.168.3.4:80.
dst-nat 1.1.1.5:80 to 192.168.3.4:1024.

I have no problem access internet from local network.

access my website from outside on 1.1.1.4 or http://www.mysite.com (no problem).

but I can't access it from my own local network. http://1.1.1.4 (or http://www.mysite.com) will failed. but http://192.168.3.4 is ok.

how could I access my own website(http://1.1.1.4) from my local nework?

I can ping 1.1.1.4.

telnet 1.1.1.4 will go to MK's terminal console as if telnet 1.1.1.3 (or 5).

any idea?
Top
 
User avatar
andrewluck
Forum Veteran
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Tue Jan 04, 2005 8:44 pm

This is normal. When you're pinging 1.1.1.4 the external interface on the MT is responding.

Either run a split dns or use hosts files on your local clients to pass them the internal (192.168.3.4) address of the website.

Regards

Andrew
Top
 
wenlee
just joined
Topic Author
Posts: 4
Joined: Fri Dec 31, 2004 11:36 pm

Tue Jan 04, 2005 8:58 pm

Andrew,
thanks for your reply.

no this is not normal to me. MT should route request to my local server directly. I was using Netscreen and never have to problem on accessing my own local server through external IP.
Top
 
User avatar
andrewluck
Forum Veteran
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Tue Jan 04, 2005 10:29 pm

I've no experience of Netscreen, most of my firewalling has been done with Cisco kit. I can't recall any instances where this has been the case although maybe I didn't look hard enough. I'll test this on the PIX at the office. Probably fair to say though, don't rely on this working.

Regards

Andrew
Top
 
wenlee
just joined
Topic Author
Posts: 4
Joined: Fri Dec 31, 2004 11:36 pm

Tue Jan 04, 2005 10:39 pm

yep,

MT tech support does not see anything "wrong" with my routing config. and I believe this is a bug in MT. and to me this is quite silly, and also is a quite serious problem.
Top
 
workshop
just joined
Posts: 11
Joined: Sun Jun 06, 2004 2:38 pm

Thu Jan 06, 2005 12:30 pm

Yes this is a DST NAT feature commonly refeered to what is called 'local loopback' and some routers support it, some routers dont.

It a relatively new(ish) thing. Not long ago the only option was to edit your hosts file or run split dns

Local loopbck has worked no problem for us since we started using MT 2.7.x

We have, however, found several NAT related issues with 2.8.22 and this could be another one.

try changing nothing apart from rollback to an earlier version and see if that fixes the problem.
Top
 
wenlee
just joined
Topic Author
Posts: 4
Joined: Fri Dec 31, 2004 11:36 pm

Wed Jan 12, 2005 6:06 pm

I got it working, on putting dst-nat rule to accept traffic through all interface instead of public interface.

thanks for helping me
Top
Post Reply

Who is online

Users browsing this forum: Bolendox, dimsoft, itimo01, mkkas, sindy and 65 guests
  4. RouterOS
  5. General