KISTech
newbie
Topic Author
Posts: 26
Joined: Thu Aug 12, 2004 6:21 pm

NAT in NAT out

Thu Aug 12, 2004 6:25 pm

We have a server that is on a private network. The MikroTik box
is performing Destination NAT for the ports that we want to come
through. 25, 80, 110, etc.

The problem is the clients on the inside resolve the external IP
address and can't get to the server because it won't NAT out and
back in on the same interface.

One solution is to enter the internal addresses in the static DNS
on the MT box, but I would rather not do that every time we add
a web site to this server.
 
signal
newbie
Posts: 33
Joined: Thu Aug 19, 2004 4:44 am

Thu Aug 19, 2004 5:13 am

What you describe is usually remedied by DNS Doctoring, as described here: http://www.cisco.com/en/US/products/hw/ ... .shtml#int

To my knowledge, the MikroTik does not support this. I have also seen similar stuff to this accomplished by routing to a loopback interface, and then from there policy routing back out the internal interface, but it's so ugly I would much rather just change the DNS assignments.

Brian
 
paul3
just joined
Posts: 21
Joined: Tue Aug 03, 2004 1:34 am

Fri Aug 20, 2004 4:00 am

We had the same problem.

Our setup is a server inside the network at 10.2.1.2.
We have a destination NAT rule to get any TCP traffic to our external address destined for port 80 and NAT it to 10.2.1.2.

We have a source NAT rule for all traffic 0.0.0.0 going upstream to be masqueraded to our external interface IP.

So when a user from inside tries to get to the web server, the MikroTik does the DNS, figures out it is for it, then sends it back in to 10.2.1.2.

So if we add another source NAT rule for traffic from 10.2.0.0/23 (this covers all our internal addresses) going to 10.2.1.2/32 (the internal address of the server) it all works.

It's hard to figure in your head, but try it and it should work.
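
The packet flow behind the rule described in the post above, as an added example that is not part of the original thread or MikroTik's own code. It traces one TCP/80 connection with and without the extra source NAT rule; `WAN_IP`, `ROUTER_LAN_IP` and the client address are constructed values, and only 10.2.1.2 and 10.2.0.0/23 come from the thread.

```python
import ipaddress

# Constructed sample addresses; only SERVER and LAN are taken from the thread.
WAN_IP = "203.0.113.10"      # assumed external address of the router
ROUTER_LAN_IP = "10.2.0.1"   # assumed LAN address of the router
SERVER = "10.2.1.2"
LAN = ipaddress.ip_network("10.2.0.0/23")


def hairpin(client, hairpin_srcnat):
    """Trace a LAN client connecting to WAN_IP:80.

    Returns (client_accepts_reply, source_ip_seen_by_server).
    """
    src, dst = client, WAN_IP

    # Destination NAT on the router: WAN_IP:80 -> SERVER:80.
    # The router remembers the original tuple so it can undo the translation.
    conntrack = {"orig_src": src, "orig_dst": dst}
    dst = SERVER

    # Extra source NAT rule: LAN -> SERVER is rewritten to the router's address.
    if hairpin_srcnat and ipaddress.ip_address(src) in LAN and dst == SERVER:
        src = ROUTER_LAN_IP
    seen_by_server = src

    # The server answers whatever source address it saw.
    reply_src, reply_dst = SERVER, seen_by_server
    if reply_dst == ROUTER_LAN_IP:
        # Reply returns through the router, which reverses both translations.
        reply_src, reply_dst = conntrack["orig_dst"], conntrack["orig_src"]
    # Otherwise client and server share the /23, so the reply goes directly
    # to the client and the router never gets a chance to rewrite it.

    # The client opened its connection to WAN_IP and only accepts replies
    # from that peer; a reply from 10.2.1.2 matches no socket.
    accepted = reply_src == WAN_IP and reply_dst == client
    return accepted, seen_by_server


if __name__ == "__main__":
    for rule in (False, True):
        print("hairpin src-nat:", rule, "->", hairpin("10.2.0.50", rule))
```

With the rule in place the server sees the router's LAN address as the source of every internal connection, so its access logs no longer distinguish individual internal clients.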
