This is what I use
/ip firewa nat
add action=dst-nat chain=dstnat comment="bender - http" disabled=no \
dst-address=!192.168.21.0/24 dst-address-type=local dst-port=80
protocol=\
tcp to-addresses=192.168.21.N to-ports=80
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Fri, Oct 14, 2011 at 4:35 PM, Rory McCann <[email protected]> wrote:
> I've seen this before. I had a webserver that resided inside the LAN and
> within that LAN it wouldn't load because the site translated to the external
> IP.
>
> You need what is called Hairpin NAT. Try a rule like this (modify as
> necessary - I created this for an internal webserver):
> /ip firewall nat add action=masquerade chain=srcnat disabled=no
> dst-address-type="" dst-port=\
> 80 protocol=tcp src-address=192.168.1.0/24 src-address-type=""
>
> Basically it will masquerade the traffic using a different IP address and
> should bring up the service correctly. MT doesn't like seeing traffic coming
> and going in/out the same interface so you have to trick it. Cheap consumer
> routers usually do this by default.
>
> Rory McCann
> *Minn-Kota Ag Products
> P*: 701-403-4877*| E*: [email protected]
>
>
> On 10/14/2011 12:16 PM, Rick Smith wrote:
>
>> Hey guys,
>>
>> I've got a router, that does dst-nat for an exchange server.
>>
>> it's 1.1.1.1 -> 10.25.0.150
>>
>> Works fine from the internet inwards, and from other segments connected
>> across this company's WAN (76 mikrotik routers!).
>>
>> The one segment it doesn't work from is the 10.25.0.0/24 network, which
>> is connected to the same router as the internet connection via which
>> that 1.1.1.1 connection comes in.
>>
>> The company's using owa.xxxdomain.com, which translates externally
>> and internally to 1.1.1.1, causing the computers inside the network to
>> go to through the /ip firewall nat rule for it in order to access the
>> outlook
>> web access system...
>>
>> Anyone have an idea why this happens ? Anyone need more explanation ?
>> ______________________________**_________________
>> Mikrotik mailing list
>> [email protected]
>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik>
>>
>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>> RouterOS
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://www.butchevans.com/**pipermail/mikrotik/**
> attachments/20111014/85cf53cf/**attachment.html<http://www.butchevans.com/pipermail/mikrotik/attachments/20111014/85cf53cf/attachment.html>
> >
>
> ______________________________**_________________
> Mikrotik mailing list
> [email protected]
> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik>
>
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
> RouterOS
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.butchevans.com/pipermail/mikrotik/attachments/20111014/e51b38d4/attachment.html>
_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
