Select Page
This entry has been published on 2016-01-26 and may be out of date.

Last Updated on 2016-01-26.

[:en]Scenario

You use a Mikrotik Routerboard like RB433, run a local webserver, mailserver etc. which are available for external users.

To make them available in the local network via the same domain names like external, you use a Hairpin NAT rule.

After you enable that rule, every external client shows up with the routerboard’s local IP address, e.g. via PHP in phpinfo() -> REMOTE_ADDR. This can case problems e.g. with your mail server which allows spam because it sees it as local sender, or with any anti-spam or statistics web tool.

Solution

Make sure your masquerading rule does only affect internal traffic, i.e. set your local network in option “src address” and “dst address”.

Example:

hairpinNatLocalRouterIp[:]