
access internal webserver over public ip from internal lan

Posted: Thu Jan 17, 2008 9:46 pm
by al1
Hi all,

I use an RB150 router with ADSL. A webserver is running in the internal LAN. Over a nat-dst rule, TCP port 80 is mapped to the internal IP; access over the public interface works well. But if I access the webserver with the public IP from the internal LAN, the connection always ends on the MikroTik (webbox). I won't add a static entry with the internal IP of the webserver in the DNS server on the MikroTik.

;;; webserver tcp
chain=dstnat action=dst-nat to-addresses=xx.xx.xx.xx to-ports=80
in-interface=adsl dst-port=80 protocol=tcp

Thanks for help.
Regards al1

Re: access internal webserver over public ip from internal lan

Posted: Thu Jan 17, 2008 10:07 pm
by antoninn
What is the reason you do not want to add a static DNS entry?

Re: access internal webserver over public ip from internal lan

Posted: Thu Jan 17, 2008 10:09 pm
by al1
Another Linux server in the internal LAN is used for local zones and as a forwarder.

Re: access internal webserver over public ip from internal lan

Posted: Fri Jan 18, 2008 12:27 pm
by mrz
You have in-interface=adsl in your rule; it means that connections will be dst-natted only if they are coming from the public interface.

Something like this should work:
chain=dstnat action=dst-nat to-addresses=xx.xx.xx.xx to-ports=80
src-address=<your_public_IP> dst-port=80 protocol=tcp

Re: access internal webserver over public ip from internal lan

Posted: Fri Jan 18, 2008 2:17 pm
by al1
Thanks, I know. The problem: the public interface does not have a static IP.

Re: access internal webserver over public ip from internal lan

Posted: Fri Jan 18, 2008 2:38 pm
by itsh.net
I use netmap to forward my mail/web server.

chain=dstnat action=netmap to-addresses=<lan_Webserver_IP> to-ports=80
dst-port=80 protocol=tcp

Re: access internal webserver over public ip from internal lan

Posted: Sun Jan 20, 2008 1:09 pm
by al1
This maps the port directly. But if I use this rule, or the one with nat, and do not specify an interface, all outgoing connections over port 80 (all web traffic from all clients) end at the MikroTik admin site.
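
Added example, not part of any post in this thread: one way to forward port 80 without matching on in-interface or on a fixed public IP, while leaving ordinary outbound web traffic and the router's own web interface alone. It uses the RouterOS matcher dst-address-type=local plus a source-NAT (hairpin) rule for LAN clients. The LAN subnet 192.168.88.0/24, router LAN address 192.168.88.1, webserver 192.168.88.10 and interface name bridge-lan are constructed placeholders.

```routeros
# Added example; every address and interface name below is a constructed
# placeholder: LAN 192.168.88.0/24, router LAN address 192.168.88.1,
# webserver 192.168.88.10, LAN interface "bridge-lan".

/ip firewall nat

# 1) Port forward keyed on the destination address instead of the interface.
#    dst-address-type=local matches any address currently assigned to the
#    router, so it follows a dynamic ADSL address. Traffic to web sites on
#    the Internet has a non-local destination and is not redirected.
#    dst-address=!192.168.88.1 keeps http://192.168.88.1/ on the router's
#    own web interface instead of sending it to the webserver.
add chain=dstnat action=dst-nat protocol=tcp dst-port=80 \
    dst-address-type=local dst-address=!192.168.88.1 \
    to-addresses=192.168.88.10 to-ports=80 comment="webserver tcp"

# 2) Hairpin rule for LAN clients. After rule 1 the packet goes back out the
#    LAN interface to the webserver. Without source NAT the server would
#    answer the client directly from 192.168.88.10, an address the client
#    never contacted, and the client would drop the reply.
add chain=srcnat action=masquerade protocol=tcp dst-port=80 \
    src-address=192.168.88.0/24 dst-address=192.168.88.10 \
    out-interface=bridge-lan comment="hairpin for webserver"
```

With rule 2 in place the webserver's access log shows the router's LAN address as the source for every internal client, so per-client logging and IP-based access controls on the server no longer distinguish LAN hosts.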

Re: access internal webserver over public ip from internal lan

Posted: Mon May 19, 2008 1:12 am
by chimaster
I have a similar but different problem.

I have four interfaces on my firewall, the address range 192.168.2.0/24 is my DMZ with 8 servers in it. If I come in from any of the other 3 interfaces I can get to my webservers via the nat.

http://www.example.com will resolve EXT IP. --> Internal IP 192.168.2.2 --> Get my site.

I have a couple of mail servers in the same DMZ, one is a virtual host with 70 websites. So I really want to avoid adding a static entry on each server to resolve to a server in the same subnet. All my servers use the firewall (MikroTik) interface as their DNS and I've set up DNS STATIC entries on my firewall to route to appropriate servers.

However, I'm unable to get them to resolve to the internal IP. Even the Mikrotik is resolving to the "Real" external DNS address. I've flushed the cache and am not sure where to go from here.

Any pointers appreciated. Sorry if I've hijacked your thread, but I felt this was very much on the same topic. :-)