Cannot reach internal servers (in br-lan) from network guest

phqzgunsfjror · June 12, 2021, 6:50pm

Just a short status.

I guess the topic is "nat loopback" related.

github.com/openwrt/openwrt

FS#1645 - NAT reflection/loopback fails with multiple zones

opened 07:47PM - 09 Jul 18 UTC

closed 11:21AM - 19 Jun 20 UTC

openwrt-bot

flyspray

*TexasDex:* I have multiple internal VLANs, and multiple firewall zones (e.g. a… guest network, a DMZ LAN) with separate IP ranges and locked-down routing in between. I've found that if I forward a port to a web server in my DMZ zone the 'NAT Loopback' option has no effect on hosts outside of that zone (e.g. in my LAN or GuestLAN zones). LEDE: # curl https://mywebsite.com curl: (7) Failed to connect to mywebsite.com port 443: Connection refused On DMZ: $ curl https://mywebsite.com <html> <head> <title> ... The port forward works fine on hosts outside my network. I've looked into adding custom rules to fix this, since a Linux sysadmin with a little bit of iptables experience, but I'm not having much luck figuring out the LEDE firewall. Using LEDE Reboot (17.01.4, r3560-79f57e422d) on x86 (QOTOM J1900 embedded PC).

So it seems there is a bug with nat loopback with different VLANs/Zones...

I try to implement their workaround.