MikroTik Hairpin NAT, доступ с локальной сети по внешнему ip

 

Что такое Hairpin NAT

Частая ситуация: после проброса порта и попытки обратиться из локальной сети по внешнему адресу завершается неудачей – не приходит ответ от указанного узла. И эта ошибка приводит в замешательство специалиста, привыкшего настроить роутер Asus, D-Link, Linksys, Netis, Tp-Link, Tenda, Xiaomi, Zyxel, Keenetic, Mercusys, Edimax.

Суть метода Hairpin NAT заключается в том, чтобы обращение по внешнему адресу переадресовывалось на локальный порт. Т.е. весь трафик будет просто заворачиваться с подменой адресов(NAT).

Типичные примеры:

• доступ к видеонаблюдению;
• сайту, размещенному в локальной сети;

Настройка MikroTik Hairpin NAT

Для этого нужно сделать два последовательных правила:

Настройка находит в IP-Firewall-NAT

add action=dst-nat chain=dstnat dst-address=8.8.8.8 dst-port=80,443 protocol=tcp to-addresses=192.168.0.3

add action=masquerade chain=srcnat dst-address=192.168.0.3 dst-port=80,443 protocol=tcp

Load balance Over Multiple Gateways (2 WAN) in Mikrotik

/ip address add address=10.20.30.1/24 network=10.20.30.0 broadcast=10.20.30.255 interface=Local add address=192.168.10.2/24 network=192.168.10.0 broadcast=192.168.10.255 interface=WAN1 add address=192.168.188.2/24 network=192.168.188.0 broadcast=192.168.188.255 interface=WAN2 /ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4 /ip firewall mangle add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1 add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2 add chain=prerouting dst-address=10.20.30.0/24 action=accept in-interface=local add chain=prerouting dst-address=10.20.30.0/24 action=accept in-interface=local add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1 add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2 /ip routeß add dst-address=0.0.0.0/0 gateway=192.168.10.1 routing-mark=to_WAN1 check-gateway=ping add dst-address=0.0.0.0/0 gateway=192.168.188.1 routing-mark=to_WAN2 check-gateway=ping add dst-address=0.0.0.0/0 gateway=192.168.10.1 distance=1 check-gateway=ping add dst-address=0.0.0.0/0 gateway=192.168.188.1 distance=2 check-gateway=ping /ip firewall nat add chain=srcnat out-interface=WAN1 action=masquerade add chain=srcnat out-interface=WAN2 action=masquerade

sql server 2019

 Standard

PHDV4-3VJWD-N7JVP-FGPKY-XBV89
Web
WV79P-7K6YG-T7QFN-M3WHF-37BXC
Enterprise Core
6GPYM-VHN83-PHDM2-Q9T2R-KBV83
Enterprise
TDKQD-PKV44-PJT4N-TCJG2-3YJ6B
Developer
22222-00000-00000-00000-00000

MICROSOFT SQL SERVER 2019 ENTERPRISE
HMWJ3-KY3J2-NMVD7-KG4JR-X2G8G

SQL Server 2019 Key

Enterprise：HMWJ3-KY3J2-NMVD7-KG4JR-X2G8G
Strandard：PMBDC-FXVM3-T777P-N4FY8-PKFF4

How to Convert Evaluation Server 2016 or 2019 to Licensed Version.

 

activate_w10pro.ps1

	slmgr /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX
	slmgr /skms kms8.msguides.com
	slmgr /ato

Raw

activate_ws2016_eval_to_standard.ps1

	# convert evaluation to ServerStandard
	DISM /online /Set-Edition:ServerStandard /ProductKey:WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY /AcceptEula
	slmgr /ipk WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY
	slmgr /skms kms8.msguides.com
	slmgr /ato

Raw

activate_ws2019_eval_to_standart.ps1

	# convert evaluation to ServerStandard
	DISM /online /Set-Edition:ServerStandard /ProductKey:N69G4-B89J2-4G8F4-WWYCC-J464C /AcceptEula
	slmgr /ipk N69G4-B89J2-4G8F4-WWYCC-J464C
	slmgr /skms kms8.msguides.com
	slmgr /ato

To convert Windows Server 2019 or 2016 Evaluation to Licensed (Retail):

1. Open PowerShell as Administrator and give the following command to find the installed version of Server 2016:

• DISM /Online /Get-CurrentEdition

2. Then give the following command to convert the Server 2016 Evaluation version to Full Retail (Licensed):

• DISM /online /Set-Edition:ServerEdition /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula

* Notes:
1. In the above command, change the ServerEdition according to the installed version.

For example…
1. If the installed edition is the "ServerStandarEval" then the command is:

• DISM /online /Set-Edition:ServerStandard /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula

2. If the installed edition is the "ServerDatacenterEval" then the command is:

• DISM /Online /Set-Edition:ServerDatacenter /ProductKey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx /AcceptEula

AD

2. If you have a KMS host running in your deployment, then you can use a KMS Product key for activation or you can use the KMS key to convert the Evaluation version to licensed and then (after the conversion), to change the product key and activate Windows by using the slmgr.vbs /ipk command.

3. When the operation is completed, press the "Y" key to reboot the Server and apply changes.

That’s all folks! Did it work for you?
Please leave a comment in the comment section below or even better: like and share this blog post in the social networks to help spread the word about this solution.