Mikrotik port forwarding from LAN?

R

Roman2015-11-13 23:01:23

Computer networks

Roman, 2015-11-13 23:01:23

Good afternoon!
I can’t forward port 80 from the local network, I googled several solutions, but none of them work from the local network, there are no problems from the Internet.
192.168.1.11 - web server, 1.1.1.1 - external ip of Mikrotik
I found the 1st method somewhere on Habré.
add action=dst-nat chain=dstnat comment=web dst-address=1.1.1.1 \
dst-port=80 in-interface=Wan1 protocol=tcp to-addresses=192.168.1.11 \
to-ports=80
add action=dst -nat chain=dstnat dst-address=1.1.1.1 \
dst-port=80 in-interface=Local protocol=tcp src-address=192.168.1.0/24 \
to-addresses=192.168.1.11 to-ports=80
add action =src-nat chain=srcnat dst-address=192.168.1.11 \
dst-port=80 out-interface=Local protocol=tcp src-address=192.168.1.0/24 \
to-addresses=192.168.1.1
2nd option, Hairpin on wiki
add action=dst-nat chain=dstnat comment=web dst-address=1.1.1.1 \
dst-port=80 protocol=tcp to-addresses=192.168.1.11 \
to-ports=80
add action=masquerade chain=srcnat dst-address=192.168.1.11 \
dst-port=80 out -interface=Local protocol=tcp src-address=192.168.1.0/24 \
to-addresses=192.168.1.1
What did I do wrong?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

R

Roman, 2015-11-14
@Uvetrom

Oleg, thanks for the advice...
But the problem was solved by itself, I don’t believe in mysticism.
I don’t want to say that, but SAMO suddenly worked when I tried the second option again.
Do not understand why.

A

alegzz, 2015-11-13
@alegzz

add action=src-nat chain=srcnat dst-address=192.168.1.11 \
dst-port=80 out-interface=Local protocol=tcp src-address=192.168.1.0/24 \
to-addresses=192.168.1.1 - what is it ? o_o

O

Oleg Nerwin, 2015-11-14
@Nerwin

Can the firewall allow forward lan-lan?
/ip firewall filter
add chain=forward in-interface=local out-interface=local