Last active
March 22, 2024 07:41
-
-
Save kaspim/905e434f4ccc7d0201d0c0fcb1bb6abe to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# MikroTik Hairpin NAT with IP address preserve of the incoming connection (for fail2ban etc.) | |
/ip firewall address-list | |
add address=192.168.0.0/24 list=LAN | |
/ip firewall nat | |
add action=masquerade chain=srcnat dst-address=!192.168.0.1 src-address-list=LAN dst-address-list=LAN | |
add action=dst-nat chain=dstnat dst-address-type=local dst-port=80 protocol=tcp src-address-list=LAN to-addresses=192.168.0.2 to-ports=80 | |
add action=dst-nat chain=dstnat dst-port=80 in-interface-list=WAN protocol=tcp to-addresses=192.168.0.2 to-ports=80 | |
add action=dst-nat chain=dstnat dst-address-type=local dst-port=443 protocol=tcp src-address-list=LAN to-addresses=192.168.0.2 to-ports=443 | |
add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN protocol=tcp to-addresses=192.168.0.2 to-ports=443 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment