MikroTik

Posted: **Thu Jan 17, 2013 5:08 pm**

So, I wanted to get a public IP to a router within our internal network. I got the IP to work externally but internally however, it doesn't seem to work.

I was following the steps in this post

http://forum.mikrotik.com/viewtopic.php?f=13&t=64789

which got me that far.

Here is what I have

NET---(Gateway MikrotikRB)----(WirelessBridgePTP)+++(WirelessBridgePTP)-----(AP)---(CPE)----(MikrotikRouter with public)

Now if I goto connect to the public IP with from outside our natted network it works fine. But if I goto connect to the public IP from inside the network.. the ip address tries to log me into the Gateway MikrotikRB.

Ideas?

Posted: **Thu Jan 17, 2013 5:19 pm**

Sounds like you may need hairpin NAT:

http://wiki.mikrotik.com/wiki/Hairpin_NAT

Posted: **Thu Jan 17, 2013 5:23 pm**

I tried that too and that didn't work at all. I just omitted the ports (being that its not a webserver) and it still failed

Posted: **Thu Jan 17, 2013 6:52 pm**

Try using trace route to see what is happening to the internal traffic.

Posted: **Thu Jan 17, 2013 7:13 pm**

It is going to the gateway and stopping there. When i type the ip address in it goes to the gateway instead of the router it needs to goto.

Sent from my SCH-S720C using Tapatalk 2

Posted: **Thu Jan 17, 2013 8:51 pm**

I think what is going on; when a device outside the nat goes to communicate with the public ip it goes trough because of the srcnat and dstnat rules provided in the link above but when a device within the nat tries to communicate with the public ip the gateway (mikrotik) doesnt know how to pass it?

In the link provided it tells u to put the public ip on the wan. So i think that when a device within a nat tries to attach it sees the public on the wan becuse its the first device with that ip. So i guess i need some way to tell the local range if it tries to attach to the public ip it needs to be passed throiugh the gateway to the device witb the public ip.

Sent from my SCH-S720C using Tapatalk 2

Posted: **Thu Jan 17, 2013 9:19 pm**

Try uploading your /export compact output so we can see the current situation.

Posted: **Fri Jan 18, 2013 4:58 pm**

What are you looking for? I can post that. The whole thing is quite revealing for my customers and I rather not do that.

Do you need FW rules and routes?

Posted: **Fri Jan 18, 2013 5:30 pm**

The NAT and forwarding filter entries are probably where I would start.

If it is hard to sanitize for public posting you can contact me by email.

Posted: **Fri Jan 18, 2013 5:59 pm**

Alright. I'll email you.

Posted: **Tue Jan 22, 2013 7:33 am**

Did u ever get my email?

Sent from my SCH-S720C using Tapatalk 2

MikroTik

Public IP to router?

Public IP to router?

Re: Public IP to router?

Re: Public IP to router?

Re: Public IP to router?

Re: Public IP to router?

Re: Public IP to router?

Re: Public IP to router?

Re: Public IP to router?

Re: Public IP to router?

Re: Public IP to router?

Re: Public IP to router?