You want the /24 for sec address On Oct 22, 2012 6:21 AM, "Rory McCann" <rmm.li...@gmail.com> wrote:
> I haven't been able to get it to work. I can't get it to match traffic - > where I thought I was matching the traffic correctly it was just > masquerading traffic destined to the router itself via winbox. > > All I should need is a rule like this: > /ip firewall nat > add action=src-nat chain=srcnat comment="Hairpin NAT" dst-address=\ > 192.168.1.14 out-interface=LAN src-address=192.168.1.0/24to-addresses=\ > 192.168.1.254 > > Where 192.168.1.0/24 is the LAN subnet, 1.14 is the WWW server and 1.254 > is the router IP. Using masquerade doesn't make any difference and > transposing the src and dest addresses makes no difference. If I use > 192.168.1.0/24 as src and dest, I see packets being matched, but when > digging deeper it's just from my winbox session. > > My dst-nat rules are what you would expect - nothing non-standard about > them and I have no issues from the outside of the network. > > Rory McCann > Minn-Kota Ag Products > P: 701-403-4877 | E: r...@mkap.com > > On 10/21/2012 11:40 AM, Josh Luthman wrote: > >> Are you srcnat'ing the traffic that stays in your LAN? >> On Oct 21, 2012 9:44 AM, "Mike Hammett" <butch-mikro...@ics-il.net> >> wrote: >> >> I've heard others say that Greg's setup works, so I'm not sure. I haven't >>> done anything like that so I don't know how to advise you. >>> >>> >>> >>> ----- >>> Mike Hammett >>> Intelligent Computing Solutions >>> http://www.ics-il.com >>> >>> ----- Original Message ----- >>> From: "Rory McCann" <rmm.li...@gmail.com> >>> To: "Mikrotik discussions" <mikrotik@mail.butchevans.com> >>> Sent: Tuesday, October 16, 2012 2:53:37 PM >>> Subject: [Mikrotik] Hairpin NAT/WAN Reflection on ROS6 >>> >>> Anyone have any working examples of Hairpin NAT (aka WAN Reflection) on >>> routerOS 6.x? Since moving to rc1 I have not been able to get the rules >>> to work any longer. I've finally been able to get them to at least catch >>> traffic, but the connections never seem to make it through. I'm using it >>> for accessing an internal webserver. >>> >>> I've used examples found on the official wiki, gregsowell.com and >>> others. None produce the desired result. >>> >>> Thanks. >>> >>> -- >>> Rory McCann >>> Minn-Kota Ag Products >>> P: 701-403-4877 | E: r...@mkap.com >>> >>> ______________________________**_________________ >>> Mikrotik mailing list >>> Mikrotik@mail.butchevans.com >>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik> >>> >>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>> RouterOS >>> ______________________________**_________________ >>> Mikrotik mailing list >>> Mikrotik@mail.butchevans.com >>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik> >>> >>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>> RouterOS >>> >>> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: <http://www.butchevans.com/**pipermail/mikrotik/** >> attachments/20121021/2d095d37/**attachment.html<http://www.butchevans.com/pipermail/mikrotik/attachments/20121021/2d095d37/attachment.html> >> > >> ______________________________**_________________ >> Mikrotik mailing list >> Mikrotik@mail.butchevans.com >> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik> >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> > > ______________________________**_________________ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik> > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.butchevans.com/pipermail/mikrotik/attachments/20121022/9a6eee31/attachment.html> _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
