I bought my first Mikrotik hAP (RB962UiGS-5HacT2HnT) a week ago. However, I created a NAT rule for port forwarding to access an internal host from the Internet and it works without problems. But I cannot access this host from the LAN using the public IP address. I searched but I did not find any setting in the GUI for NAT Loopback (or, as it is called in DD-WRT, WAN NAT Redirect). Is there a reliable instruction how to create the NAT loopback in RouterOS?

A. Make a funky rule such that it works by telling the router that one is stating hey, use a local destination address but not one from the 192.168.66.1, and that leaves the local WAN address to use.

If you have a dynamic IP then your dst nat rules, which should be in this format, do not have to change:

```
add chain=dstnat action=dst-nat dst-address=wanip port=xxxx protocol=aaa to-addresses=IPofServer
```

If you have a dynamic wanip then the dst nat rule needs to change:

```
add chain=dstnat action=dst-nat in-interface-list=WAN port=xxx protocol=aaa to-addresses=IPofServer
```

For static wanip or dynamic wanip you need to add a sourcenat rule:

```
add chain=srcnat action=masquerade dst-address=192.168.66.0/24 src-address=192.168.66.0/24
```

B. Moving the server to a different subnet (so users are not on the same LAN).

There is one way to avoid getting into DST and Source NAT rule changes for hairpin NAT, and that is to use DNS. Let's say your server IP was 192.168.88.68 and your domain name for the server was
Create the following rule!

```
add address=192.168.88.68 regexp="(^|ttl=5m
```

The precedence for using DNS within the router is as follows.

This rule will capture any request for DNS when looking for that domain name and direct the query to the server IP. However, some users on the same subnet may have DNS hard-coded on their PCs, and thus you need to redirect all DNS queries to the router to handle:

```
add action=redirect chain=dstnat comment="Force Users to Router for DNS - TCP" \
    dst-port=53 protocol=tcp src-address=192.168.88.0/24
add action=redirect chain=dstnat comment="Force Users to Router for DNS - UDP" \
    dst-port=53 protocol=udp src-address=192.168.88.0/24
```

This should effectively ensure that, regardless of PC DNS settings, all the queries from the subnet will go through the router and thus hit the static DNS rule created. (1) You'd need to make sure "allow remote requests" is turned on in /IP DNS, and (2) *BE SURE* that your input firewall filter blocks DNS requests from the Internet itself so that you don't get this router taken over by a DNS-amp DDoS attack (covered by the default input firewall rule, or any substitution by a drop-all-else rule!).
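The pieces of the reply above, assembled into one complete RouterOS configuration as an added example. This is not code from the thread, from the poster or from MikroTik; the LAN subnet, server address, service port, interface-list names and the host name `server.example.com` are assumptions chosen for illustration, and 203.0.113.5 is a documentation-range placeholder for the public address. It goes a little beyond the reply in two places: the "funky rule" is written out as a `dst-address-type=local` match so the dynamic-WAN case actually hairpins (the `in-interface-list=WAN` rule alone never sees LAN-originated packets), and the masquerade and DNS-redirect rules are narrowed to the server, port and LAN source they need.

```routeros
# Added example, not the thread's own configuration. Assumed values:
#   LAN 192.168.66.0/24 with router LAN address 192.168.66.1
#   internal server 192.168.66.10 (placeholder) offering TCP/443
#   interface lists WAN and LAN already defined under /interface list
#   static public address 203.0.113.5 (placeholder); host name server.example.com

# ---- 1. Port forward from the Internet --------------------------------------
/ip firewall nat
# Static public IP: match the public address explicitly.
add chain=dstnat action=dst-nat dst-address=203.0.113.5 protocol=tcp dst-port=443 \
    to-addresses=192.168.66.10 comment="fwd 443 to server (static WAN)"
# Dynamic public IP: match the WAN interface list instead of an address.
# add chain=dstnat action=dst-nat in-interface-list=WAN protocol=tcp dst-port=443 \
#     to-addresses=192.168.66.10 comment="fwd 443 to server (dynamic WAN)"

# ---- 2. Hairpin dst-nat for LAN clients that use the public address ---------
# With a static address the rule in step 1 already matches LAN-originated packets,
# because 203.0.113.5 is local to the router. With a dynamic address the WAN
# interface rule never fires for LAN traffic (in-interface is the LAN bridge), so
# match "any address local to this router except the LAN gateway": whatever is
# left is the current WAN address. Add every other local gateway address here too
# if the router serves more than one subnet.
add chain=dstnat action=dst-nat dst-address-type=local dst-address=!192.168.66.1 \
    protocol=tcp dst-port=443 to-addresses=192.168.66.10 \
    comment="hairpin 443 (dynamic WAN)"

# ---- 3. Source NAT so the server's reply returns through the router ---------
# Without this the server answers the LAN client directly from 192.168.66.10; the
# client expected a reply from the public address and drops it, so the handshake
# never completes. Limited to the server and port instead of the whole subnet.
add chain=srcnat action=masquerade src-address=192.168.66.0/24 \
    dst-address=192.168.66.10 protocol=tcp dst-port=443 \
    comment="hairpin srcnat for server 443"

# ---- Alternative: split-horizon DNS, no hairpin NAT needed ------------------
# The router answers LAN queries for the host name with the private address.
/ip dns set allow-remote-requests=yes
/ip dns static
add name=server.example.com address=192.168.66.10 ttl=5m \
    comment="LAN clients reach the server directly"
# Catch LAN hosts with hard-coded resolvers; only LAN sources are redirected.
/ip firewall nat
add chain=dstnat action=redirect protocol=udp dst-port=53 src-address=192.168.66.0/24 \
    comment="force LAN DNS to router (UDP)"
add chain=dstnat action=redirect protocol=tcp dst-port=53 src-address=192.168.66.0/24 \
    comment="force LAN DNS to router (TCP)"
# allow-remote-requests makes the resolver listen on every interface, including
# the WAN. Refuse Internet-side queries in the input chain so the router is not an
# open resolver; place these above any accept rule (place-before=0 puts them first).
/ip firewall filter
add chain=input in-interface-list=WAN protocol=udp dst-port=53 action=drop \
    comment="no DNS from WAN" place-before=0
add chain=input in-interface-list=WAN protocol=tcp dst-port=53 action=drop \
    comment="no DNS from WAN" place-before=0
```

A quick way to confirm which path a LAN client took is `/ip firewall connection print` while the client connects to the public address: a hairpinned flow shows the LAN client as source and the server's private address as reply destination, whereas with the DNS alternative the client's connection goes straight to 192.168.66.10 and no NAT entry for the public address appears.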