Scenario

You use a Mikrotik Routerboard like RB433, run a local webserver, mailserver etc. which are available for external users.

To make them available in the local network via the same domain names like external, you use a Hairpin NAT rule.

After you enable that rule, every external client shows up with the routerboard’s local IP address, e.g. via PHP in phpinfo() -> REMOTE_ADDR. This can case problems e.g. with your mail server which allows spam because it sees it as local sender, or with any anti-spam or statistics web tool.

Solution

Make sure your masquerading rule does only affect internal traffic, i.e. set your local network in option “src address” and “dst address”.

Example:

hairpinNatLocalRouterIp

Share This:

  [email protected]