Port Forwarding from inner network to inner network (hairpin NAT)
I've successfully set up port forwarding on a Mikrotik router that translates every request going to the WAN IP address on port 8844 (let's say: 20.20.20.22:8844) of the Mikrotik to the local IP address and the same port.
As I have a DNS name for the WAN IP address (20.20.20.22), I would like this rule to also work from the inner network:
192.168.111.77 -> 20.20.20.22:8844 -> 192.168.111.2:8844
I have found a Mikrotik web page that describes this situation: http://wiki.mikrotik.com/wiki/Hairpin_NAT But I wasn't able to achieve the same.
Here is a printscreen of the rule
It's just a partial printscreen but everything else is not set (blank).
EDIT: the port forwarding rule and the classic masquerade on the router look like this:
/ip firewall nat
add chain=dstnat in-interface=ether1-gateway protocol=tcp dst-port=8844 \
action=dst-nat to-address=192.168.111.2 to-port=8844
add chain=srcnat out-interface=ether1-gateway action=masquerade
The solution is to rewrite the port forwarding rule so that it does not use in-interface=ether1-gateway, but dst-address-type=local:
/ip firewall nat
add chain=dstnat dst-address-type=local protocol=tcp dst-port=8844 \
action=dst-nat to-address=192.168.111.2 to-port=8844
Then add the hairpin NAT as specified in the original post:
/ip firewall nat
add chain=srcnat src-address=192.168.111.0/24 \
dst-address=192.168.111.2 protocol=tcp dst-port=8844 \
out-interface=bridge-local action=masquerade
NAT masquerade 192.168.111.0/24 to 192.168.111.0/24; this works for every service at once. Do not specify interfaces or ports. The internal port must be the same as the external port.
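The packet path behind the dst-address-type=local rule and the hairpin srcnat rule above, traced in a small model. This is an added example, not part of the original posts and not RouterOS code; the router's LAN address 192.168.111.1 is an assumption, and the function name connect is hypothetical.

```python
from ipaddress import ip_address, ip_network

# Addresses from the post; sample topology is constructed for illustration.
CLIENT, SERVER, WAN = "192.168.111.77", "192.168.111.2", "20.20.20.22"
LAN = ip_network("192.168.111.0/24")
ROUTER_LAN = "192.168.111.1"   # assumption: the router's bridge-local address
IN_IFACE = "bridge-local"      # a LAN client's packets never arrive on ether1-gateway

def connect(dstnat_match, hairpin):
    """Trace a TCP SYN from CLIENT to WAN:8844 and the server's reply."""
    src, dst = CLIENT, WAN

    # dstnat chain: does the port-forward rule match this packet?
    if dstnat_match == "in-interface":
        hit = IN_IFACE == "ether1-gateway"
    elif dstnat_match == "dst-address-type=local":
        hit = dst in (WAN, ROUTER_LAN)   # any address owned by the router
    else:
        raise ValueError(dstnat_match)
    if not hit:
        return "no dst-nat: packet is delivered to the router itself"
    dst = SERVER

    # srcnat chain: the hairpin rule masquerades LAN -> SERVER traffic
    # behind the address of out-interface=bridge-local.
    if hairpin and ip_address(src) in LAN and dst == SERVER:
        src = ROUTER_LAN

    # The server answers whatever source address it saw.
    reply_src, reply_dst = dst, src
    if reply_dst == ROUTER_LAN:
        # Reply returns through the router; conntrack undoes both translations.
        reply_src, reply_dst = WAN, CLIENT
    # Otherwise the reply is switched straight to the client on the same
    # subnet and never passes the router, so its source stays SERVER.
    if reply_src != WAN:
        return f"client drops reply from {reply_src}: expected {WAN}"
    return "connected"

if __name__ == "__main__":
    for match in ("in-interface", "dst-address-type=local"):
        for hairpin in (False, True):
            print(f"{match:24} hairpin={hairpin!s:5} -> {connect(match, hairpin)}")
```

With the hairpin rule in place the server's logs show the router's LAN address as the source of internal connections rather than the real client address, which matters for per-client access control or auditing on 192.168.111.2.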