2:53:37 PM
Subject: [Mikrotik] Hairpin NAT/WAN Reflection on ROS6
Anyone have any working examples of Hairpin NAT (aka WAN Reflection) on
routerOS 6.x? Since moving to rc1 I have not been able to get the rules
to work any longer. I've finally been able to get them to at least catch
traffic
: Rory McCann rmm.li...@gmail.com
To: Mikrotik discussions mikrotik@mail.butchevans.com
Sent: Tuesday, October 16, 2012 2:53:37 PM
Subject: [Mikrotik] Hairpin NAT/WAN Reflection on ROS6
Anyone have any working examples of Hairpin NAT (aka WAN Reflection) on
routerOS 6.x? Since moving to rc1 I have
to advise you.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
- Original Message -
From: Rory McCann rmm.li...@gmail.com
To: Mikrotik discussions mikrotik@mail.butchevans.com
Sent: Tuesday, October 16, 2012 2:53:37 PM
Subject: [Mikrotik] Hairpin NAT/WAN
discussions mikrotik@mail.butchevans.com
Sent: Tuesday, October 16, 2012 2:53:37 PM
Subject: [Mikrotik] Hairpin NAT/WAN Reflection on ROS6
Anyone have any working examples of Hairpin NAT (aka WAN Reflection) on
routerOS 6.x? Since moving to rc1 I have not been able to get the rules
to work any longer
Computing Solutions
http://www.ics-il.com
- Original Message -
From: Rory McCann rmm.li...@gmail.com
To: Mikrotik discussions mikrotik@mail.butchevans.com
Sent: Tuesday, October 16, 2012 2:53:37 PM
Subject: [Mikrotik] Hairpin NAT/WAN Reflection on ROS6
Anyone have any working
Anyone have any working examples of Hairpin NAT (aka WAN Reflection) on
routerOS 6.x? Since moving to rc1 I have not been able to get the rules
to work any longer. I've finally been able to get them to at least catch
traffic, but the connections never seem to make it through. I'm using it
for
Is there a way to execute a script based on access to a certain port ? Like
http://10.5.50.1:9501 and then the Tik box senses that and runs a script.
Sent via the WebMail system at avolve.net
On Mon, 2010-07-05 at 09:15 -0500, Stuart Pierce wrote:
Is there a way to execute a script based on access to a
certain port ?
Yes and no. There is no way to directly tie a script in MT to a port.
However, you can write a scheduler script that watches a firewall rule
counters and then does
I've been utilizing hairpin NAT to help with displaying webpages to
computers on the same subnet as the webserver using the public IP - it
has been working flawlessly, however now I am trying to utilize some new
functionality.
My webserver has a default host on it that clients are redirected
Can you just allow all 192.168.0.0/24?
On 6/28/10, Rory McCann rmm.li...@gmail.com wrote:
I've been utilizing hairpin NAT to help with displaying webpages to
computers on the same subnet as the webserver using the public IP - it
has been working flawlessly, however now I am trying to utilize
I don't think it's an issue of the traffic being blocked, but rather
when the traffic is modified to redirect the user to my block page
instead of Google.com, it utilized the hairpin NAT rule to find the
webserver, but replaces the source address with that of the MT router
instead of the
On Mon, 2010-06-28 at 11:15 -0500, Rory McCann wrote:
I don't think it's an issue of the traffic being blocked, but rather
when the traffic is modified to redirect the user to my block page
instead of Google.com, it utilized the hairpin NAT rule to find the
webserver, but replaces the
I have a few subnets on this unit (RB1000) running on several public
IPs. Right now ether4 is my WAN. Ether2 (192.168.1.0/24) is the subnet I
am trying to get my blacklisting scripts working on. The webserver is
192.168.1.250. The MT is 192.168.1.254.
/ip firewall nat
add action=src-nat
On Mon, 2010-06-28 at 12:21 -0500, Rory McCann wrote:
add action=dst-nat chain=dstnat comment= disabled=no
dst-address=x.x.x.x dst-port=80 protocol=tcp to-addresses=192.168.1.250
to-ports=80
Ok, so the dstnat rule looks right.
add action=dst-nat chain=dstnat comment= disabled=no
This fixed half the problem. Users on my 192.168.25.0/27 subnet now show
the correct IP address on the webserver, however it breaks hairpin NAT
for the 192.168.1.0/24 subnet (which the webserver resides on).
On 6/28/2010 1:06 PM, Butch Evans wrote:
I'd double check the srcnat rules to ensure
I created a bit of a work around. The rule provided by Butch was
necessary for proper IP detection by the webserver for clients coming
from other subnets on the same router. I simply pointed the delisting
link on the blacklist page to the direct delist script (ie: I made a
hyperlink to
Just looking at this now, I gather you already have the server and all
the scripts setup.
However.. if the telnet script/system becomes too much or doesn't work
properly you could also try something like this:
1. on your block page have a link to a specific unused port on the same
server (say
Thanks for the tip!
I probably should've done that from the get go being as I spent a good
amount of time trying to find a working ASP telnet script. Oh well, it
does what it's supposed to so I'll leave it alone unless it needs
modification.
On 6/28/2010 4:02 PM, Andrew Cox wrote:
Just
going to have to.
On 4/19/2010 8:28 PM, mikrotik-requ...@mail.butchevans.com wrote:
Message: 1
Date: Mon, 19 Apr 2010 15:59:21 -0400
From: Josh Luthmanj...@imaginenetworksllc.com
Subject: Re: [Mikrotik] Hairpin NAT
To: Mikrotik discussionsmikrotik@mail.butchevans.com
Message-ID
Woops, sorry for the double reply on this. I was having list trouble
yesterday. Switching away from digest mode so I can actually keep up a
little bit.
On 4/21/2010 9:13 AM, Rory McCann wrote:
Josh, I tried this rule and it did not seem to work. Any ideas if it's
supposed to work on OS 4.2?
I'm sure there's supposed to me another rule. Something like masquerade your
local IPs to that destination port (80).
--
Regards
Hilton
082.572.9619
-Original Message-
From: mikrotik-boun...@mail.butchevans.com
[mailto:mikrotik-boun...@mail.butchevans.com] On Behalf Of Rory McCann
] Hairpin NAT
I'm sure there's supposed to me another rule. Something like masquerade
your local IPs to that destination port (80).
--
Regards
Hilton
082.572.9619
-Original Message-
From: mikrotik-boun...@mail.butchevans.com
[mailto:mikrotik-boun...@mail.butchevans.com] On Behalf Of Rory
Architect
Sonicwall CNA
Microsoft MCSE
Citrix CCA
-Original Message-
From: mikrotik-boun...@mail.butchevans.com
[mailto:mikrotik-boun...@mail.butchevans.com] On Behalf Of Rory McCann
Sent: Wednesday, April 21, 2010 9:56 AM
To: Mikrotik discussions
Subject: Re: [Mikrotik] Hairpin NAT
I'd
That worked! Thanks for the help!
Essentially all I needed was the src-nat rule with the internal IP of my
webserver (192.168.1.250) as the DST address, and src-nat it to the IP
of the MT (192.168.1.254) on that specific interface.
On 4/21/2010 10:21 AM, David Smith wrote:
found this
On Wed, 2010-04-14 at 12:03 -0500, Rory McCann wrote:
I need to set up a hairpin NAT rule on my RB1000. A little background on
the configuration:
There are a few approaches to this, depending on some variables.
1. IF the clients use the MT as a DNS server, then you can simply supply
the
On Mon, 2010-04-19 at 15:59 -0400, Josh Luthman wrote:
Why not?
As I said, the last time I looked (it's been a while) hairpin NAT was
not a feature that MT supported. If they now support it, then that's
great.
--
* Butch
No idea when it was enabled but that command was added to this list a
month or two ago.
On 4/19/10, Butch Evans but...@butchevans.com wrote:
On Mon, 2010-04-19 at 15:59 -0400, Josh Luthman wrote:
Why not?
As I said, the last time I looked (it's been a while) hairpin NAT was
not a feature
I need to set up a hairpin NAT rule on my RB1000. A little background on
the configuration:
Ether 1 is my WAN - it has 5 addresses assigned to it. Address a.b.c.d
is the public IP of a web server which is then translated to a
192.168.1.250 address on ether 2. I need to set it up so that
28 matches
Mail list logo