We have the following situation: On the main site of a customer we have an MX84 with an MPLS connection on WAN1 and a public internet connection on WAN2. There is a local webserver in the private LAN that has port TCP/80,443 forwarded from WAN2 (public) towards it. Local LAN users can get the private IP address through local DNS and that works just dandy.

However, professional visitors who only get Guest WiFi access with a public DNS server also need to reach that webserver. Their traffic is of course egressed on WAN2 (public). So for them to reach the local webserver they get the public WAN2 address because I do not wish to give them access to the local DNS server so we expose internal addresses to them.

Does the MX support NAT hairpin? And how does it implement it if it does? If it is not supported I could of course try to route traffic towards that destination out WAN 1 (MPLS) and let them circle the internet back in WAN2. But it would be nice if someone could confirm support for the hairpin. At this time it's not working, but I want to do some packet captures locally before calling support 🙂