I'm assuming you mean "it kills my ability to browse TO THE WAN IP using a 
device on the inside of my network."  If that is accurate, see here:

http://wiki.mikrotik.com/wiki/Hairpin_NAT

If you mean "it kills my ability to browse TO THE LAN IP using a device on the 
inside of my network," Josh's advice has already hit the target.

On Jun 7, 2014, at 1:15 PM, Casey Mills <[email protected]> wrote:

> I was pretty big into Mikrotik in years past, but haven't been active in
> some time.
> 
> I just picked up a RB2011 and want to forward ports 80, 443, and 50500 for
> my network storage device.  When I dstnat those ports below it kills my
> ability to browse using a device on the inside of my network.  This has to
> be something simple, please help.
> 
> I'm not sure how traffic originating from the outside and destined for my
> network storage is treated.  Ideally it should be handled by the forward
> chain, but it will have a destination IP of the WAN side of the router.  So
> that makes me think input chain.
> 
> 
> /ip firewall filter
> add chain=input protocol=icmp
> add chain=input connection-state=established
> add chain=input connection-state=related
> add action=drop chain=input in-interface=ether1-gateway
> add chain=forward connection-state=established
> add chain=forward connection-state=related
> add action=drop chain=forward connection-state=invalid
> 
> 
> /ip firewall nat
> add action=masquerade chain=srcnat out-interface=ether1-gateway \
>     to-addresses=0.0.0.0
> add action=dst-nat chain=dstnat comment=Foscam-1 dst-port=8080 protocol=tcp \
>     to-addresses=192.168.55.200 to-ports=8080
> add action=dst-nat chain=dstnat comment=Foscam-2 dst-port=8081 protocol=tcp \
>     to-addresses=192.168.55.201 to-ports=8081
> add action=dst-nat chain=dstnat comment=IX2 disabled=yes \
>     dst-address-type="" dst-port=80 protocol=tcp to-addresses=192.168.55.54 \
>     to-ports=80
> add action=dst-nat chain=dstnat comment=IX2 disabled=yes \
>     dst-address-type="" dst-port=443 protocol=tcp to-addresses=192.168.55.54 \
>     to-ports=443
> add action=dst-nat chain=dstnat comment=IX2 disabled=yes dst-port=50500 \
>     protocol=tcp to-addresses=192.168.55.54 to-ports=50500
> add action=dst-nat chain=dstnat comment=Casey7-RDP dst-port=3389 \
>     protocol=tcp to-addresses=192.168.55.52 to-ports=3389
> add action=dst-nat chain=dstnat comment=HTPC7-Plex dst-port=32400 \
>     protocol=tcp to-addresses=192.168.55.50 to-ports=32400
> add action=dst-nat chain=dstnat comment=HTPC7-CetonApp dst-port=5832 \
>     protocol=tcp to-addresses=192.168.55.50 to-ports=5832
> 
> 
> Thanks,
> Casey
> _______________________________________________
> Mikrotik mailing list
> [email protected]
> http://mail.butchevans.com/mailman/listinfo/mikrotik
> 
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
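
An added example, not part of either poster's message or of MikroTik's documentation: a small Python check that parses a /ip firewall nat export and lists dst-nat rules that carry no dst-address, in-interface or dst-address-type matcher. A rule like that also matches LAN clients' outbound connections to the same port, which is why an unscoped forward of port 80 or 443 redirects inside browsing to the forwarded host. The sample export is constructed from the rules quoted above; the IX2-scoped rule and the function names are assumptions.

```python
import shlex

# Matchers that confine a dst-nat rule to traffic aimed at the router itself.
SCOPING = ("dst-address", "in-interface", "dst-address-type")

# Constructed sample, based on the rules quoted in the thread.
SAMPLE = r'''
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-gateway
add action=dst-nat chain=dstnat comment=IX2 disabled=yes dst-address-type="" \
    dst-port=80 protocol=tcp to-addresses=192.168.55.54 to-ports=80
add action=dst-nat chain=dstnat comment=Foscam-1 dst-port=8080 protocol=tcp \
    to-addresses=192.168.55.200 to-ports=8080
add action=dst-nat chain=dstnat comment=IX2-scoped dst-port=443 \
    in-interface=ether1-gateway protocol=tcp to-addresses=192.168.55.54 \
    to-ports=443
'''

def parse_rules(export):
    """Parse NAT export text into a list of {parameter: value} dicts."""
    text = export.replace("\\\n", " ")  # join RouterOS line continuations
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue  # skip the menu path and blank lines
        rule = {}
        for token in shlex.split(line[4:]):  # shlex strips the "" quoting
            key, _, value = token.partition("=")
            rule[key] = value
        rules.append(rule)
    return rules

def unscoped_dstnat(rules, include_disabled=True):
    """Return (comment, dst-port) for dst-nat rules with no scoping matcher."""
    flagged = []
    for r in rules:
        if r.get("action") != "dst-nat":
            continue
        if r.get("disabled") == "yes" and not include_disabled:
            continue
        # An empty value (dst-address-type="") restricts nothing.
        if not any(r.get(k) for k in SCOPING):
            flagged.append((r.get("comment", ""), r.get("dst-port", "")))
    return flagged

if __name__ == "__main__":
    for comment, port in unscoped_dstnat(parse_rules(SAMPLE)):
        print(f"unscoped dst-nat: {comment} (tcp/{port}) matches LAN traffic too")
```
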
