@gilangvperdana
Last active January 19, 2023 08:56
Mikrotik

Hairpin Forwarder

  • 192.168.1.20 –> 1.2.3.4:3389 –> 192.168.1.10:3389
  • The solution was to rewrite the port-forwarding rule so that it does not use in-interface=WAN-GATEWAY and matches on dst-address-type=local instead.
# DST-NAT rule to redirect port 3389 from
/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-address=1.2.3.4 dst-address-type=local dst-port=3389 protocol=tcp to-addresses=192.168.1.10 to-ports=3389 comment="Redirect RDP PORT  TCP 3389 to local server"
 
# Masquerade local traffic going to the MikroTik WAN IP (to access that service from the LAN using the MikroTik WAN IP)
/ip firewall nat
add chain=srcnat src-address=192.168.1.0/24 dst-address=192.168.1.10 protocol=tcp dst-port=3389 out-interface=LAN-Interface action=masquerade comment="Masquerade Traffic going to WAN IP of mikrotik from local LAN users"
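Why both rules are needed, as an added example that is not part of the original gist: a small Python model of the hairpin path 192.168.1.20 -> 1.2.3.4:3389 -> 192.168.1.10:3389. The router LAN address 192.168.1.1 and all function names are assumptions made for the illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str

# Addresses taken from the example on this page.
CLIENT, WAN_IP, SERVER = "192.168.1.20", "1.2.3.4", "192.168.1.10"
ROUTER_LAN = "192.168.1.1"  # assumption: the router's LAN-side address
LAN = ipaddress.ip_network("192.168.1.0/24")

def reply_seen_by_client(match_local: bool, masquerade: bool) -> Optional[Packet]:
    """Return the reply packet as the LAN client receives it, or None."""
    pkt = Packet(CLIENT, WAN_IP)  # arrives on the LAN interface, not the WAN
    # dstnat: a rule bound to in-interface=WAN never matches LAN-side traffic;
    # dst-address-type=local matches any address the router itself owns.
    if not match_local:
        return None  # never forwarded to the server
    pkt = pkt._replace(dst=SERVER)
    # srcnat: the masquerade rule (src in LAN, dst = server after dstnat).
    if masquerade and ipaddress.ip_address(pkt.src) in LAN and pkt.dst == SERVER:
        pkt = pkt._replace(src=ROUTER_LAN)
    reply = Packet(SERVER, pkt.src)  # the server answers whoever it saw
    if reply.dst == ROUTER_LAN:
        # Reply returns via the router; connection tracking undoes both NATs.
        reply = Packet(WAN_IP, CLIENT)
    return reply

def connects(match_local: bool, masquerade: bool) -> bool:
    """The client only accepts a reply whose source is the address it dialled."""
    reply = reply_seen_by_client(match_local, masquerade)
    return reply is not None and reply.src == WAN_IP

if __name__ == "__main__":
    for local in (False, True):
        for masq in (False, True):
            print(f"dst-address-type=local={local!s:5} masquerade={masq!s:5} "
                  f"connects={connects(local, masq)}")
```

With the masquerade rule in place the server sees the router's LAN address as the peer for hairpinned sessions, so RDP logon events on 192.168.1.10 will not show the real LAN client address.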

Reference
