Connect to web server in zone "lan" from zone "lan2"

Hello. Here is my setup:

OpenWrt on Xiaomi Redmi AC2100 router

sunray.sk points at the public IP, the WAN IP of the router

if "lan" -> 192.168.0.0/24, gw: 192.168.0.1
if "lan2" -> 192.168.1.0/24, gw: 192.168.1.1

Flat 1:
interface "lan" is in zone "lan", devices in there:
Web server with port forwarding turned on from wan to IP 192.168.0.200; ports that are forwarded: 443, 80, 25, 993, 995, 110, 143, 465, 587
Wireless APs:
SunrayWiFi, ch. 1, if "lan"
SunrayWiFi, ch. 1, if "lan" but with older encryption for some IoT we have at home
SunrayBridge, ch. 1, if "lan2" -> this WiFi is factually like a "bridge" to flat 2

Flat 2:
Older TP-Link router with WDS turned on + DHCP turned on

Laptop with DHCP
When I try to connect to the web, i.e. open sunray.sk in a web browser, it says that the connection was refused; when I try to send mail, the same happens.
BUT I can access any website. Where is the problem? What should I do to make it work and keep them in separate zones? Thanks.

The NAT loopback that makes it work in lan is enabled due to the port redirect you have configured from wan to the server in zone lan.
I am against NAT loopback, because it uses router resources for intra-LAN traffic. You can use the server IP directly or create a hostname which will resolve to the internal IP.
If none of these can work, then you'll need to replicate the DNAT rules for NAT reflection from lan to lan2 zone.

2 Likes

So, if I understood correctly, OpenWrt knows from which zone the request was sent and it will only allow access to the public IP forwards from lan, where the forwards are created?

Sort of yes.
You created a redirect from wan to lan. So when you enable NAT loopback, OpenWrt will enable a DNAT from lan to the wan IP to be redirected to the internal IP in the lan. There is also an SNAT, but this is not necessary for interzone redirects.

2 Likes
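The lan2-to-lan DNAT replication suggested in the replies above, written as an `/etc/config/firewall` fragment. This is an added example, not configuration posted by anyone in the thread. It assumes a static WAN address (`203.0.113.10` is a placeholder, and the rule names are made up) and covers only the two web ports; the mail ports follow the same pattern with a different `src_dport`/`dest_port`.

```uci
# Added example: redirect lan2 clients that connect to the router's public IP
# on 443/80 to the web server in zone lan.
# 203.0.113.10 is a PLACEHOLDER for the WAN IP that sunray.sk resolves to.
# Only these ports are opened from lan2 into lan; the zones stay separate
# and no general lan2 -> lan forwarding is needed.

config redirect
	option name 'lan2-to-server-https'   # hypothetical rule name
	option target 'DNAT'
	option src 'lan2'                    # zone the request comes from
	option src_dip '203.0.113.10'        # match only traffic sent to the public IP
	option proto 'tcp'
	option src_dport '443'
	option dest 'lan'                    # zone the server lives in
	option dest_ip '192.168.0.200'
	option dest_port '443'

config redirect
	option name 'lan2-to-server-http'    # hypothetical rule name
	option target 'DNAT'
	option src 'lan2'
	option src_dip '203.0.113.10'
	option proto 'tcp'
	option src_dport '80'
	option dest 'lan'
	option dest_ip '192.168.0.200'
	option dest_port '80'
```

Apply it with `/etc/init.d/firewall reload`. No SNAT section is included, since the server's replies to 192.168.1.0/24 already route back through the router.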

@maros.varchola, welcome to the community!

2 Likes
