Hairpin NAT

Video guide available here.

Here you will learn how to use my very simple script to apply a dynamic hairpin NAT to your MikroTik router.

Hairpin NAT is especially useful if you are hosting services in your network where they are accessed from the internet via host name but you also want to access them from your own network via the same hostname.

This is what I would class as the easiest way to apply a hairpin NAT configuration with the minimal amount of additional configuration. This guide is written assuming you are using Winbox.

After you’ve downloaded the RSC file at the bottom of this page, you will need to open it up, Notepad++ is a good choice if you are using Windows otherwise notepad may work (if the text all moulds into 1 big block, copy & paste it into Word ~because text files).

You only need to make 1 change in the file, you need to input your LAN subnet.

Save the file and then drag it into the Files box in Winbox.

You will then need to open up a new terminal and input the following command:

/import file-name=hairpinv1.rsc

You can see that IP>Cloud has now been activated

The Hairpin rule will have been added to your IP>Firewall>NAT table however it will be in the wrong place, drag it to the top as MikroTik process rules in descending order.

You can also see in IP>Address Lists that the “WANIP” list has been created with your IP>Cloud name and this will have resolved to your WAN IP address dynamically.

There is also a template port forward rule for you to use, simply enable it and copy it as you need to, remember NOT to use an “in.interface” and simply use the destination address list “WANIP”

The below RSC file is provided free of charge to do with what you like, please bear in mind though websites aren’t free to run and whilst not compulsory, any donations would be gratefully received.

“Download the RSC file here”