Figured it out... It's called a Hairpin NAT, because it's going ouit to the internet and then being NAT'd back into the same subnet..
http://wiki.mikrotik.com/wiki/Hairpin_NAT Basically, you put a masquerade rule above the dst-nat rule, that forces the internal server to reply to the internet address on the router instead of the internal IP... On Fri, Oct 14, 2011 at 1:16 PM, Rick Smith <[email protected]> wrote: > Hey guys, > > I've got a router, that does dst-nat for an exchange server. > > it's 1.1.1.1 -> 10.25.0.150 > > Works fine from the internet inwards, and from other segments connected > across this company's WAN (76 mikrotik routers!). > > The one segment it doesn't work from is the 10.25.0.0/24 network, which > is connected to the same router as the internet connection via which > that 1.1.1.1 connection comes in. > > The company's using owa.xxxdomain.com, which translates externally > and internally to 1.1.1.1, causing the computers inside the network to > go to through the /ip firewall nat rule for it in order to access the outlook > web access system... > > Anyone have an idea why this happens ? Anyone need more explanation ? > _______________________________________________ Mikrotik mailing list [email protected] http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
