This entry has been published on 2016-01-26 and may be out of date.
Last Updated on 2016-01-26.
[:en]Scenario
You use a Mikrotik Routerboard like RB433, run a local webserver, mailserver etc. which are available for external users.
To make them available in the local network via the same domain names like external, you use a Hairpin NAT rule.
After you enable that rule, every external client shows up with the routerboard’s local IP address, e.g. via PHP in phpinfo() -> REMOTE_ADDR. This can case problems e.g. with your mail server which allows spam because it sees it as local sender, or with any anti-spam or statistics web tool.
Solution
Make sure your masquerading rule does only affect internal traffic, i.e. set your local network in option “src address” and “dst address”.
Example:
[:]