MikroTik Hairpin NAT - Lan to Lan Traffic via External Real IP - Access Local Application via Public IP when Connected with Local WiFi

By  Aug 18, 2022

 A common issue most user found is Hairpin NAT !

Actually what is the issue ? Suppose, you have CCTV cameras in your home or office. You can access your CCTV from outside of your home or office via Internet by using your ISP provided Public/Real IP. So, you have port forwarding setup in your MikroTik to access the CCTV from Internet.
But, when you are in home or office and connected to your MikroTik/Router's WiFi/LAN then you can not access the CCTV.

This issue happened because you are not in Internet, you are connected in local LAN/WiFi but you trying to reach your CCTV via Internet. Your CCTV device/application is also connected in your local LAN/WiFi so the CCTV app has also a local IP. If you connect via local IP then you see the CCTV access is OK from local LAN.

So, here we want to access the CCTV via Internet and Local LAN both. In this point we have to configure a hairpin nat in MikroTik so that we can access the CCTV from any network. Follow the below instructions to create a Hairpin NAT in MikroTik.

Winbox > IP > Firewall > NAT > Create a new NAT rule

 Chain = srcnat
 Src. Address = 192.168.88.0/24
 Dst. Address = 192.168.88.0/24
 Out Interface List = LAN
 Action = Masquerade

Here I state the LAN network IP as MikroTik's default Lan IP range. Replace the IP range which you have configured in your MikroTik's LAN/Bridge.

Here I also state the Out Interface List, I have created a LAN list in my MikroTik's Interface List, and in my LAN Interface List I have added my all LAN and Bridge interface (e.g.: ether3, ether4, ether5, bridge). So, my MikroTik's all Lan interface is covered in one list named "LAN".
If you want you may not use a list, you may use a single interface as:
Out Interface = ether3
or
Out Interface = bridge

Finally, we have done our hairpin nat configuration. And there is no port or protocol is indicated, so this configuration will work on any application (not only cctv).

Enjoy hassle free networking !

Posted under:
Newer Posts Older Posts

Posted by

I'm a SysAdmin

You may like these posts

Post a Comment

Post a Comment