Thanks Bryon. I got it. I had in and out interfaces defined on a couple of my rules. Removed them and it works now. You pointed to the same solution Josh and Butch did. It is a hairpin NAT situation. Thanks.
-Ty On Wed, Apr 30, 2014 at 7:55 PM, Bryon Monday <[email protected]> wrote: > Hairpin NAT > > http://gregsowell.com/?p=4242 > > > Bryon > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Ty Featherling > Sent: Monday, April 28, 2014 4:15 PM > To: Mikrotik discussions > Subject: Re: [Mikrotik] local access to a NAT'ted address > > No dice. No packets even hit that rule. > > -Ty > > > On Mon, Apr 28, 2014 at 3:04 PM, Josh Luthman > <[email protected]>wrote: > > > Try... > > > > /ip firew nat > > add action=masquerade chain=srcnat comment="masq lan for port forwarding" > \ > > dst-address=192.168.0.0/24 src-address=192.168.0.0/24 > > > > > > Josh Luthman > > Office: 937-552-2340 > > Direct: 937-552-2343 > > 1100 Wayne St > > Suite 1337 > > Troy, OH 45373 > > > > > > On Mon, Apr 28, 2014 at 4:01 PM, Ty Featherling > > <[email protected] > > >wrote: > > > > > Here is what I have right now. > > > > > > /ip address > > > add address=207.235.20.130/25 interface=bridgeWAN > > > network=207.235.20.128 add address=192.168.0.1/24 > > > interface=bridgeLAN network=192.168.0.0 add > > > address=207.235.20.132/25 interface=bridgeWAN network=207.235.20.128 > > > > > > /ip firewall nat > > > add action=dst-nat chain=dstnat dst-address=207.235.20.132 > in-interface=\ > > > bridgeWAN to-addresses=192.168.0.231 add action=src-nat > > > chain=srcnat out-interface=bridgeWAN src-address=\ > > > 192.168.0.231 to-addresses=207.235.20.132 add action=src-nat > > > chain=srcnat src-address=192.168.0.0/24to-addresses=\ > > > 207.235.20.130 > > > > > > > > > -Ty > > > > > > > > > On Mon, Apr 28, 2014 at 2:57 PM, Josh Luthman > > > <[email protected]>wrote: > > > > > > > Share your config? Just make sure to masquerade the private/lan > > > > side > > and > > > > then a simple dst nat rule. > > > > > > > > > > > > Josh Luthman > > > > Office: 937-552-2340 > > > > Direct: 937-552-2343 > > > > 1100 Wayne St > > > > Suite 1337 > > > > Troy, OH 45373 > > > > > > > > > > > > On Mon, Apr 28, 2014 at 3:53 PM, Ty Featherling < > > [email protected] > > > > >wrote: > > > > > > > > > I have a server on my LAN here that I am 1:1 natting behind a > > > > > public address. The srcNAT + dstNAT rules are working > > > > > wonderfully but I find > > > > when > > > > > I try to access the server on it's public address from within my > > > > > LAN > > I > > > > > can't reach it. From outside it works fine. > > > > > > > > > > It there another rule I need to allow this to work? My local > > > > > machines access this server on it's local address but my phone > > > > > is configured > > to > > > > > reach it via it's public and fails when I am in the office. > > > > > > > > > > -Ty > > > > > -------------- next part -------------- An HTML attachment was > > > > > scrubbed... > > > > > URL: < > > > > > > > > > > > > > > http://mail.butchevans.com/pipermail/mikrotik/attachments/20140428/d2b > > 8d5a1/attachment.html > > > > > > > > > > > _______________________________________________ > > > > > Mikrotik mailing list > > > > > [email protected] > > > > > http://mail.butchevans.com/mailman/listinfo/mikrotik > > > > > > > > > > Visit http://blog.butchevans.com/ for tutorials related to > > > > > Mikrotik RouterOS > > > > > > > > > -------------- next part -------------- An HTML attachment was > > > > scrubbed... > > > > URL: < > > > > > > > > > http://mail.butchevans.com/pipermail/mikrotik/attachments/20140428/6b6 > > 2f5b1/attachment.html > > > > > > > > > _______________________________________________ > > > > Mikrotik mailing list > > > > [email protected] > > > > http://mail.butchevans.com/mailman/listinfo/mikrotik > > > > > > > > Visit http://blog.butchevans.com/ for tutorials related to > > > > Mikrotik RouterOS > > > > > > > -------------- next part -------------- An HTML attachment was > > > scrubbed... > > > URL: < > > > > > http://mail.butchevans.com/pipermail/mikrotik/attachments/20140428/bbd > > e0494/attachment.html > > > > > > > _______________________________________________ > > > Mikrotik mailing list > > > [email protected] > > > http://mail.butchevans.com/mailman/listinfo/mikrotik > > > > > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > > > RouterOS > > > > > -------------- next part -------------- An HTML attachment was > > scrubbed... > > URL: < > > http://mail.butchevans.com/pipermail/mikrotik/attachments/20140428/f03 > > b0d5a/attachment.html > > > > > _______________________________________________ > > Mikrotik mailing list > > [email protected] > > http://mail.butchevans.com/mailman/listinfo/mikrotik > > > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > > RouterOS > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > < > http://mail.butchevans.com/pipermail/mikrotik/attachments/20140428/eb9c37be > /attachment.html> > _______________________________________________ > Mikrotik mailing list > [email protected] > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > > _______________________________________________ > Mikrotik mailing list > [email protected] > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20140501/17650b33/attachment.html> _______________________________________________ Mikrotik mailing list [email protected] http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
