I haven't been able to get it to work. I can't get it to match traffic -
where I thought I was matching the traffic correctly it was just
masquerading traffic destined to the router itself via winbox.
All I should need is a rule like this:
/ip firewall nat
add action=src-nat chain=srcnat comment="Hairpin NAT" dst-address=\
192.168.1.14 out-interface=LAN src-address=192.168.1.0/24
to-addresses=\
192.168.1.254
Where 192.168.1.0/24 is the LAN subnet, 1.14 is the WWW server and 1.254
is the router IP. Using masquerade doesn't make any difference and
transposing the src and dest addresses makes no difference. If I use
192.168.1.0/24 as src and dest, I see packets being matched, but when
digging deeper it's just from my winbox session.
My dst-nat rules are what you would expect - nothing non-standard about
them and I have no issues from the outside of the network.
Rory McCann
Minn-Kota Ag Products
P: 701-403-4877 | E: [email protected]
On 10/21/2012 11:40 AM, Josh Luthman wrote:
Are you srcnat'ing the traffic that stays in your LAN?
On Oct 21, 2012 9:44 AM, "Mike Hammett" <[email protected]> wrote:
I've heard others say that Greg's setup works, so I'm not sure. I haven't
done anything like that so I don't know how to advise you.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
----- Original Message -----
From: "Rory McCann" <[email protected]>
To: "Mikrotik discussions" <[email protected]>
Sent: Tuesday, October 16, 2012 2:53:37 PM
Subject: [Mikrotik] Hairpin NAT/WAN Reflection on ROS6
Anyone have any working examples of Hairpin NAT (aka WAN Reflection) on
routerOS 6.x? Since moving to rc1 I have not been able to get the rules
to work any longer. I've finally been able to get them to at least catch
traffic, but the connections never seem to make it through. I'm using it
for accessing an internal webserver.
I've used examples found on the official wiki, gregsowell.com and
others. None produce the desired result.
Thanks.
--
Rory McCann
Minn-Kota Ag Products
P: 701-403-4877 | E: [email protected]
_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.butchevans.com/pipermail/mikrotik/attachments/20121021/2d095d37/attachment.html>
_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
