
routing problem on 2.8.22, can't access own site from local

Posted: Sat Jan 01, 2005 12:11 am
by wenlee
hi, :(

I have a weird problem, and it's driving me crazy. I set up 2 interfaces, one to external, one local. I also have 3 public IPs assigned on the router.

I changed the www port on the router to 1024 for remote terminal.
The router has the following IPs (pub):
1.1.1.3
1.1.1.4
1.1.1.5
and
192.168.3.1(local).

I src-nat all local to 1.1.1.3, and dst-nat 1.1.1.4:80 to 192.168.3.4:80.
dst-nat 1.1.1.5:80 to 192.168.3.4:1024.

I have no problem accessing the internet from the local network.

Accessing my website from outside on 1.1.1.4 or http://www.mysite.com: no problem.

But I can't access it from my own local network. http://1.1.1.4 (or http://www.mysite.com) will fail, but http://192.168.3.4 is OK.

How could I access my own website (http://1.1.1.4) from my local network?

I can ping 1.1.1.4.

telnet 1.1.1.4 goes to MK's terminal console, as if I had telnetted to 1.1.1.3 (or 5).

any idea?

Posted: Tue Jan 04, 2005 8:44 pm
by andrewluck
This is normal. When you're pinging 1.1.1.4 the external interface on the MT is responding.

Either run split DNS or use hosts files on your local clients to pass them the internal (192.168.3.4) address of the website.

Regards

Andrew

Posted: Tue Jan 04, 2005 8:58 pm
by wenlee
Andrew,
thanks for your reply.

No, this is not normal to me. MT should route the request to my local server directly. I was using Netscreen and never had a problem accessing my own local server through the external IP.

Posted: Tue Jan 04, 2005 10:29 pm
by andrewluck
I've no experience of Netscreen, most of my firewalling has been done with Cisco kit. I can't recall any instances where this has been the case although maybe I didn't look hard enough. I'll test this on the PIX at the office. Probably fair to say though, don't rely on this working.

Regards

Andrew

Posted: Tue Jan 04, 2005 10:39 pm
by wenlee
yep,

MT tech support does not see anything "wrong" with my routing config, and I believe this is a bug in MT. To me this is quite silly, and also a quite serious problem.

Posted: Thu Jan 06, 2005 12:30 pm
by workshop
Yes, this is a DST NAT feature commonly referred to as 'local loopback'; some routers support it, some routers don't.

It's a relatively new(ish) thing. Not long ago the only option was to edit your hosts file or run split DNS.

Local loopback has worked with no problem for us since we started using MT 2.7.x.

We have, however, found several NAT related issues with 2.8.22 and this could be another one.

Try changing nothing apart from rolling back to an earlier version and see if that fixes the problem.

Posted: Wed Jan 12, 2005 6:06 pm
by wenlee
I got it working by setting the dst-nat rule to accept traffic through all interfaces instead of just the public interface.

thanks for helping me
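To make the 'local loopback' (hairpin NAT) behaviour discussed in this thread concrete, here is an added example, not code from the original thread or from MikroTik. It is a small Python model of how a router's dst-nat and src-nat chains decide where a packet ends up, using the addresses from the thread (1.1.1.3/4/5 public, 192.168.3.0/24 local, server at 192.168.3.4). The interface names "public" and "local", the LAN client 192.168.3.5 and the internet client 203.0.113.9 are constructed, and the rule syntax is this model's own, not RouterOS syntax. It shows why a dst-nat rule restricted to the public interface leaves LAN traffic for 1.1.1.4 landing on the router itself (the telnet-to-console symptom), why removing the interface restriction fixes it, and why the src-nat covering LAN traffic also matters: without it the server's reply would bypass the router and the client would see it coming from the wrong address.

```python
from dataclasses import dataclass, replace
from typing import List, Optional

# Constructed topology mirroring the thread; interface names are assumptions.
ROUTER_ADDRS = {"1.1.1.3", "1.1.1.4", "1.1.1.5", "192.168.3.1"}
LAN_PREFIX = "192.168.3."
PUBLIC_IFACE, LOCAL_IFACE = "public", "local"


@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class NatRule:
    chain: str                       # "dstnat" (before routing) or "srcnat" (after)
    to_address: str
    to_port: Optional[int] = None    # None: keep the original destination port
    in_iface: Optional[str] = None   # None: match traffic arriving on any interface
    dst: Optional[str] = None
    dport: Optional[int] = None
    src_prefix: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return ((self.in_iface is None or self.in_iface == p.in_iface)
                and (self.dst is None or self.dst == p.dst)
                and (self.dport is None or self.dport == p.dport)
                and (self.src_prefix is None or p.src.startswith(self.src_prefix)))


def first_match(chain: str, rules: List[NatRule], p: Packet) -> Optional[NatRule]:
    for r in rules:
        if r.chain == chain and r.matches(p):
            return r
    return None


def process(p: Packet, rules: List[NatRule]) -> dict:
    """Return where the packet is delivered and, if forwarded, whether the
    server's reply will come back through the router so it can be un-NATed."""
    r = first_match("dstnat", rules, p)
    if r is not None:
        p = replace(p, dst=r.to_address,
                    dport=r.to_port if r.to_port is not None else p.dport)
    if p.dst in ROUTER_ADDRS:
        # Nothing redirected it, so the router's own service on that port answers
        # (the thread's symptom: telnet 1.1.1.4 reaching the router console).
        return {"delivered_to": "router", "dst": p.dst, "dport": p.dport}
    r = first_match("srcnat", rules, p)
    if r is not None:
        p = replace(p, src=r.to_address)
    # The server replies to p.src.  If that is a LAN host rather than the router,
    # the reply goes straight to the client, bypassing the router; the client then
    # sees a packet from 192.168.3.4 instead of 1.1.1.4 and drops it.
    reply_via_router = p.src in ROUTER_ADDRS or not p.src.startswith(LAN_PREFIX)
    return {"delivered_to": "server", "dst": p.dst, "dport": p.dport,
            "src_seen_by_server": p.src, "reply_via_router": reply_via_router}


# src-nat of all LAN traffic to 1.1.1.3, with no interface restriction, as in the thread.
SRCNAT_ALL_LOCAL = NatRule(chain="srcnat", to_address="1.1.1.3", src_prefix=LAN_PREFIX)

# Original configuration: port forwards only for traffic arriving on the public interface.
BROKEN_RULES = [
    NatRule("dstnat", "192.168.3.4", 80, in_iface=PUBLIC_IFACE, dst="1.1.1.4", dport=80),
    NatRule("dstnat", "192.168.3.4", 1024, in_iface=PUBLIC_IFACE, dst="1.1.1.5", dport=80),
    SRCNAT_ALL_LOCAL,
]

# Fix from the thread: the same dst-nat rules without the in-interface restriction.
FIXED_RULES = [
    NatRule("dstnat", "192.168.3.4", 80, dst="1.1.1.4", dport=80),
    NatRule("dstnat", "192.168.3.4", 1024, dst="1.1.1.5", dport=80),
    SRCNAT_ALL_LOCAL,
]

# Constructed clients: one on the LAN, one on the internet.
LAN_CLIENT = Packet(LOCAL_IFACE, "192.168.3.5", "1.1.1.4", 80)
NET_CLIENT = Packet(PUBLIC_IFACE, "203.0.113.9", "1.1.1.4", 80)


if __name__ == "__main__":
    for name, rules in (("broken", BROKEN_RULES), ("fixed", FIXED_RULES)):
        print(name, "LAN client ->", process(LAN_CLIENT, rules))
        print(name, "internet client ->", process(NET_CLIENT, rules))
    # Hairpin without the src-nat: forwarded, but the reply never returns via the router.
    print("fixed, no src-nat ->", process(LAN_CLIENT, FIXED_RULES[:2]))
```

Running it shows the LAN client reaching the router itself under the original rules and 192.168.3.4:80 under the fixed ones, while the internet client works either way. The last line demonstrates the second half of hairpin NAT: if no src-nat covers LAN-to-LAN forwarded traffic, the forward succeeds but `reply_via_router` is false, which is the other common reason 'local loopback' appears not to work.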