Excuse me, MikroTik gurus,

I've read up on Hairpin NAT and implemented it, but it still doesn't work.

The setup looks roughly like this:

Public IP : aaa.bbb.aaa.51
MikroTik port : ether 2

Local IP : 192.168.100.0/24
Server IP : 192.168.100.3
MikroTik port : ether 6

Here are the firewall NAT settings:

1 X ;;; NAT class 130 ke ISP Speedy
chain=srcnat action=masquerade src-address=192.168.130.0/24 out-interface=ether1-Speedy log=no log-prefix=""

2 ;;; jalur speedy
chain=srcnat action=masquerade dst-address=192.168.250.2 log=no log-prefix=""

3 ;;; jalur speedy dari LAN
chain=srcnat action=masquerade dst-address=192.168.250.2 src-address-list=jalur speedy log=no log-prefix=""

4 ;;; Hairpin NAT
chain=srcnat action=masquerade protocol=tcp src-address=192.168.100.0/24 dst-address=192.168.100.3 out-interface=ether6-Cisco log=no log-prefix=""


5 ;;; Transparant Proxy 80
chain=dstnat action=redirect to-ports=8070 protocol=tcp dst-port=80 log=no log-prefix=""

6 ;;; Cisco
chain=dstnat action=dst-nat to-addresses=192.168.50.2 to-ports=22 protocol=tcp dst-address=aaa.bbb.aaa.54 in-interface=ether2-Fibernet dst-port=22 log=no
log-prefix=""

7 ;;; Cisco
chain=dstnat action=dst-nat to-addresses=192.168.50.2 to-ports=443 protocol=tcp dst-address=aaa.bbb.aaa.54 in-interface=ether2-Fibernet dst-port=443 log=no
log-prefix=""

8 ;;; Cisco
chain=dstnat action=dst-nat to-addresses=192.168.50.2 to-ports=80 protocol=tcp dst-address=aaa.bbb.aaa.54 in-interface=ether2-Fibernet dst-port=80 log=no
log-prefix=""

9 ;;; Cisco
chain=dstnat action=dst-nat to-addresses=192.168.50.2 to-ports=500 protocol=udp dst-address=aaa.bbb.aaa.54 in-interface=ether2-Fibernet dst-port=500 log=no
log-prefix=""

10 ;;; Cisco
chain=dstnat action=dst-nat to-addresses=192.168.50.2 to-ports=4500 protocol=udp dst-address=aaa.bbb.aaa.54 in-interface=ether2-Fibernet dst-port=4500 log=no
log-prefix=""

11 ;;; Route Cisco
chain=srcnat action=src-nat to-addresses=aaa.bbb.aaa.54 src-address=192.168.50.2 log=no log-prefix=""

12 ;;; Server
chain=dstnat action=dst-nat to-addresses=192.168.105.11 to-ports=8081 protocol=tcp dst-address=aaa.bbb.aaa.51 in-interface=ether2-Fibernet dst-port=8081 log=no
log-prefix=""

13 ;;; Server
chain=dstnat action=dst-nat to-addresses=192.168.105.11 to-ports=777 protocol=tcp dst-address=aaa.bbb.aaa.51 in-interface=ether2-Fibernet dst-port=777 log=no
log-prefix=""

14 ;;; Server
chain=dstnat action=dst-nat to-addresses=192.168.100.3 to-ports=777 protocol=tcp dst-address=aaa.bbb.aaa.53 in-interface=ether2-Fibernet dst-port=777 log=no
log-prefix=""

15 ;;; Server port 999
chain=dstnat action=dst-nat to-addresses=192.168.100.3 to-ports=999 protocol=tcp dst-address=aaa.bbb.aaa.53 in-interface=ether2-Fibernet dst-port=999 log=no
log-prefix=""

16 ;;; Server 2
chain=dstnat action=dst-nat to-addresses=192.168.100.3 to-ports=888 protocol=tcp dst-address=aaa.bbb.aaa.53 in-interface=ether2-Fibernet dst-port=888 log=no
log-prefix=""

17 ;;; Server
chain=dstnat action=dst-nat to-addresses=192.168.100.3 to-ports=888 protocol=tcp dst-address=aaa.bbb.aaa.53 in-interface=ether2-Fibernet dst-port=3389 log=no
log-prefix=""

18 ;;; Server
chain=dstnat action=dst-nat to-addresses=192.168.100.3 to-ports=888 protocol=udp dst-address=aaa.bbb.aaa.53 in-interface=ether2-Fibernet dst-port=3389 log=no
log-prefix=""

19 ;;; Server
chain=dstnat action=dst-nat to-addresses=192.168.105.11 to-ports=9000 protocol=tcp dst-address=aaa.bbb.aaa.51 in-interface=ether2-Fibernet dst-port=9000 log=no
log-prefix=""

20 ;;; Server
chain=dstnat action=dst-nat to-addresses=192.168.105.11 to-ports=81 protocol=tcp dst-address=aaa.bbb.aaa.51 in-interface=ether2-Fibernet dst-port=81 log=no
log-prefix=""

21 ;;; Server
chain=dstnat action=dst-nat to-addresses=192.168.105.11 to-ports=8500 protocol=tcp dst-address=aaa.bbb.aaa.51 in-interface=ether2-Fibernet dst-port=8500 log=no
log-prefix=""


22 ;;; Route Server HRD
chain=srcnat action=src-nat to-addresses=aaa.bbb.aaa.51 src-address=192.168.105.11 out-interface=ether2-Fibernet log=no log-prefix=""

23 ;;; Route Server HRD
chain=srcnat action=src-nat to-addresses=aaa.bbb.aaa.50 src-address=192.168.105.11 out-interface=ether2-Fibernet log=no log-prefix=""

24 ;;; CCTV
chain=dstnat action=dst-nat to-addresses=192.168.100.19 to-ports=6060 protocol=tcp dst-address=aaa.bbb.aaa.50 in-interface=ether2-Fibernet dst-port=6060 log=no
log-prefix=""

25 ;;; CCTV
chain=dstnat action=dst-nat to-addresses=192.168.100.20 to-ports=6063 protocol=tcp dst-address=aaa.bbb.aaa.50 in-interface=ether2-Fibernet dst-port=6063 log=no
log-prefix=""

26 ;;; CCTV
chain=dstnat action=dst-nat to-addresses=192.168.100.19 to-ports=6061 protocol=tcp dst-address=aaa.bbb.aaa.50 in-interface=ether2-Fibernet dst-port=6061 log=no
log-prefix=""

27 ;;; CCTV
chain=dstnat action=dst-nat to-addresses=192.168.100.19 to-ports=34599 protocol=tcp dst-address=aaa.bbb.aaa.50 in-interface=ether2-Fibernet dst-port=34599 log=no
log-prefix=""

28 ;;; CCTV
chain=dstnat action=dst-nat to-addresses=192.168.10.30 to-ports=34599 protocol=tcp dst-address=aaa.bbb.aaa.50 in-interface=ether2-Fibernet dst-port=8000 log=no
log-prefix=""

29 ;;; Remote VNC
chain=dstnat action=dst-nat to-addresses=192.168.10.30 to-ports=34599 protocol=tcp dst-address=aaa.bbb.aaa.50 in-interface=ether2-Fibernet dst-port=5900 log=no
log-prefix=""

30 ;;; Server Zimbra
chain=dstnat action=dst-nat to-addresses=192.168.100.3 to-ports=3389 protocol=tcp dst-address=aaa.bbb.aaa.52 in-interface=ether2-Fibernet dst-port=3389 log=no
log-prefix=""

31 X ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=192.168.190.0/24 log=no log-prefix=""

32 X ;;; Redirect DNS TCP
chain=dstnat action=redirect to-ports=53 protocol=tcp dst-port=53 log=no log-prefix=""

33 X ;;; Redirect DNS UDP
chain=dstnat action=redirect to-ports=53 protocol=udp dst-port=53 log=no log-prefix=""

Results =

accessing the server from the local network using the local IP = works
accessing the server from the local network using the public IP = doesn't work
accessing the server from outside using the public IP = works


Please help, gurus, where is the mistake?

Thank you.
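
Added example, not part of the original post: a small Python check that runs rules 4, 14 and 15 from the listing above against the same destination (aaa.bbb.aaa.53, TCP 777) arriving from the WAN and from the LAN, to show which dst-nat rules a LAN client can actually hit. The matcher is a simplified model of RouterOS rule matching (exact equality on the listed fields), and the LAN entry interface `ether6-Cisco` is assumed from the post's hairpin rule.

```python
import re

# Constructed excerpt: rules 4, 14 and 15 from the post, wrapped lines joined.
RULES = """\
chain=srcnat action=masquerade protocol=tcp src-address=192.168.100.0/24 dst-address=192.168.100.3 out-interface=ether6-Cisco
chain=dstnat action=dst-nat to-addresses=192.168.100.3 to-ports=777 protocol=tcp dst-address=aaa.bbb.aaa.53 in-interface=ether2-Fibernet dst-port=777
chain=dstnat action=dst-nat to-addresses=192.168.100.3 to-ports=999 protocol=tcp dst-address=aaa.bbb.aaa.53 in-interface=ether2-Fibernet dst-port=999
"""

MATCHERS = ("protocol", "dst-address", "dst-port", "in-interface")

def parse(text):
    """Turn each 'key=value ...' line into a dict."""
    return [dict(re.findall(r"(\S+?)=(\S+)", ln)) for ln in text.splitlines() if ln.strip()]

def matches(rule, pkt, ignore=()):
    """True if every matcher present on the rule equals the packet's field."""
    return all(rule[k] == pkt[k] for k in MATCHERS if k in rule and k not in ignore)

def first_dstnat(rules, pkt):
    """First dstnat rule that matches the packet, or None."""
    return next((r for r in rules if r["chain"] == "dstnat" and matches(r, pkt)), None)

def missed_only_by_interface(rules, pkt):
    """dstnat rules that would match if in-interface were not set."""
    return [r for r in rules if r["chain"] == "dstnat"
            and not matches(r, pkt) and matches(r, pkt, ignore=("in-interface",))]

# Same destination, two entry points. LAN clients enter on ether6-Cisco
# (interface name assumed from the post's hairpin rule).
FROM_WAN = {"protocol": "tcp", "dst-address": "aaa.bbb.aaa.53",
            "dst-port": "777", "in-interface": "ether2-Fibernet"}
FROM_LAN = dict(FROM_WAN, **{"in-interface": "ether6-Cisco"})

if __name__ == "__main__":
    rules = parse(RULES)
    print("from WAN:", first_dstnat(rules, FROM_WAN))
    print("from LAN:", first_dstnat(rules, FROM_LAN))
    # The srcnat hairpin rule matches dst-address=192.168.100.3, so it only
    # applies after a dstnat rule has already rewritten the destination.
    for r in missed_only_by_interface(rules, FROM_LAN):
        print("skipped only because of in-interface:", r["dst-address"], r["dst-port"])
```

The check covers only the NAT rules shown; filter rules and routing are not in the post and are not modelled.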