MikroTik

Hi, I'm very new to MikroTik 750GL but have managed to get most of what I need working. I haven't been able to find this answer on the board though so forgive me if it has been covered.

I have a web server inside the network. I have DDNS set up so from outside the network I can type web.server.com and access the web server just fine, port 80 forwarded with no problem. I can't however type web.server.com inside my network, it just gives the standard webpage not available error. I guess the process of the request going from my network to the DDNS server and back to my network is messing up somehow. It isn't due to something I configured since it was happening with a clean router with out of the box configurations. I wasn't even sure how to search for this particular issue. I can of course just use an IP address internally to access the web server, but I have devices that I use both in and out that require me now to have two different configurations depending on which side of the router I'm on and I'd love to get that back to just one setting. All of my other dumb routers like linksys have been able to do this by default in the past, so I'm sure I'm just missing something!

Any help or a point in the right direction would be appreciated.

First of all you need to tell us to which IP web.server.com resolves from within the local network. In case you are working with the default DNS servers from your ISP, that should resolve to the public IP of web.server.com, the one you see on Dyndns website. If not, then you have some sort of DNS server problems.

How is DNS configured in your internal network ?

Sounds like a loop back issue to me, did you setup loop back ?

No idea about loop back...

But if you go to
IP
DNS
Static
+
webserver http
IP

Apply.

Now when a computer inside the network requests the webserver it will be sent directly to the IP on your network.

Hello all, thanks for the replies. I didn't realize there would be a few days between when I first posted this and when it went live. In that time I kept reading and figured out it is called hairpin nat that I didn't have set up. So I was able to get that working and can now type my fqdn while inside my network and have it resolve and access my local web server.

I just looked at that hairpin thing...

Is there some reason I can not / should not, do it the way I did?

I'm certainly no expert on the subject but I'll tell you why I ended up doing it the way I did, but through reading many posts I've found there are like a dozen solutions to any problem so you just pick what works it seems like.

I didn't want to have to make client side modifications. I'm used to the dumb linksys and netgear routers, very easy to port forward and not much else you have to do, they just work out of the box. No special client side modifications needed to do anything really unless you just want static IP addresses. That was my goal with the Mikrotik router. I love all of the options on it, I'm just a noob so I'm not good with getting it set up right.

I also don't want to get pestered from other people on my network asking me to come make some change to their computer so something that used to work on the old router will now work with the new on.

Hairpin Nat solved that for me. I put 2 rules into the firewall for my web server and now the 30 devices on my network can all connect with the fqdn or the IP address. That just seems like the easiest solution so far!

Adding one entry to Static DNS is harder? I am missing something.

Hi, sorry for the late reply. So the other reason I did it this way is so I could create other rules as needed for other ports. If I just static the IP in DNS, I believe it would send all traffic to a specific IP address regardless of ports. By making rules in the firewall, I can use my DDNS name but direct it internally based on ports. Most of my traffic goes to my web server, but some goes to IP cams I have around the house. It just gives me more flexibility. But you are right that if all I needed was one IP address it would be simpler to just use one entry, I never even looked there but that sounds like a great idea.