I cannot find a way to do the following (I give an example to make it easier):
I have a tool to sync some files from my laptop to a NAS over SFTP from wherever I am.
My OpenWrt router is doing port forwarding from WAN (public.ip.address:66) to NAS.ip:22 for this purpose.
It works well.
Yet, when I am at home, i.e. on my LAN, it doesn't make sense to go from my computer out to the internet and then back to my NAS; it is rather slow, and I would prefer to stay on my LAN and go directly to my NAS.
So I would like each request to public.ip.address:66 to be routed at the router level to NAS.ip:22 (without going outside my LAN).
I don't see such an option in the LuCI GUI, or I missed it. Maybe I have to write an iptables rule, but that is beyond my knowledge.
One possible approach might be to rewrite your tool to detect if you're at home or not. If you're at home, use the NAS's real internal IP address. If you're not at home, use your public IP address.
Sure, but I'm not sure freefilesync (the tool that I use) supports it... and moreover I was sure (but I could be wrong) that it was doable in the router with OpenWrt.
You mean on the machine? I was hoping to avoid that because it would mean doing it on each family member's machine... not the solution I would prefer, but an interesting solution.
I really thought there was something "easy" to do on the router side
Probably my syntax is not correct, but I was thinking of something like this: iptables -t nat -A PREROUTING -d public.ip.address --dport 66 -j DNAT --to NAS.ip:22
Port forwards configured via UCI/LUCI do NAT reflection automatically. NAT reflection allows you to reach services on your LAN through the external IP WITHOUT the packets actually going through the internet. In other words, if you have the port forwarded there is no step 2. It's already working exactly as you want it to work when connecting to this service while you are connected to the LAN network.
Yes. If you open the Firewall page in LuCI under Status and search for "Reflection" on that page, you will find multiple firewall rules taking care of this.
No, what @treysis means is something similar to "split-brain DNS", where you get a different response depending on where you are.
When you're away from home, using dynamic DNS, you connect to your home network using your usual DDNS hostname. Your DNS lookup goes to the usual DNS server for your chosen DDNS provider.
When you're at home, you still connect using your usual DDNS hostname... but your router (or DNS server) intercepts the DNS query and directs the client to the internal IP address.
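The two approaches raised in this thread, the UCI port forward that keeps NAT reflection enabled and the "split-brain DNS" override in dnsmasq, as an added example that is not from the thread or from the OpenWrt project. The section name `nas_sftp`, the LAN address `192.168.1.10`, WAN port `66` and the hostname `home.example.org` are constructed placeholders; the UCI option names are the real ones from `/etc/config/firewall` and `/etc/config/dhcp`. The functions validate their inputs and render the config stanzas; nothing is applied unless `uci` is actually present.

```shell
#!/bin/sh
# Added example (not from the thread): render the OpenWrt config pieces that
# make an external port forward usable from inside the LAN.
#   1. A firewall "redirect" with reflection left on (hairpin NAT).
#   2. A dnsmasq address override so the DDNS name resolves to the LAN IP at home.
# All names, addresses and ports used below are constructed placeholders.

# Return 0 if $1 is an integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Emit a /etc/config/firewall "config redirect" stanza.
# Reflection is on by default in OpenWrt; it is written explicitly here so a
# reader can see that it has not been switched off.
# Usage: firewall_redirect_stanza NAME WAN_PORT DEST_IP DEST_PORT
firewall_redirect_stanza() {
    name=$1 wan_port=$2 dest_ip=$3 dest_port=$4
    is_port "$wan_port" && is_port "$dest_port" && is_ipv4 "$dest_ip" || return 1
    printf "config redirect\n"
    printf "\toption name '%s'\n" "$name"
    printf "\toption src 'wan'\n"
    printf "\toption src_dport '%s'\n" "$wan_port"
    printf "\toption dest 'lan'\n"
    printf "\toption dest_ip '%s'\n" "$dest_ip"
    printf "\toption dest_port '%s'\n" "$dest_port"
    printf "\toption proto 'tcp'\n"
    printf "\toption target 'DNAT'\n"
    printf "\toption reflection '1'\n"
}

# Emit the dnsmasq override (goes in the "config dnsmasq" section of
# /etc/config/dhcp) that answers HOSTNAME with LAN_IP for LAN clients.
# Usage: dnsmasq_split_dns_line HOSTNAME LAN_IP
dnsmasq_split_dns_line() {
    host=$1 lan_ip=$2
    case "$host" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    is_ipv4 "$lan_ip" || return 1
    printf "\tlist address '/%s/%s'\n" "$host" "$lan_ip"
}

# Apply the split-DNS override only when running on a box that has uci;
# elsewhere just show the commands that would be run.
apply_split_dns_on_openwrt() {
    host=$1 lan_ip=$2
    dnsmasq_split_dns_line "$host" "$lan_ip" >/dev/null || return 1
    if [ -x /sbin/uci ]; then
        uci add_list "dhcp.@dnsmasq[0].address=/$host/$lan_ip"
        uci commit dhcp
        /etc/init.d/dnsmasq restart
    else
        printf "would run: uci add_list 'dhcp.@dnsmasq[0].address=/%s/%s'\n" "$host" "$lan_ip"
        printf "would run: uci commit dhcp && /etc/init.d/dnsmasq restart\n"
    fi
}

# Demo with constructed values.
firewall_redirect_stanza nas_sftp 66 192.168.1.10 22
dnsmasq_split_dns_line home.example.org 192.168.1.10
apply_split_dns_on_openwrt home.example.org 192.168.1.10
```

With the redirect in place the router rewrites a LAN client's connection to public.ip.address:66 locally, so the reflection path alone already solves the original question; the dnsmasq override is the alternative for setups where reflection has been disabled or where the client should never learn the public address at all.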
Sure, I was just giving him the correct syntax for the rule he posted in the preceding post. There are a number of ways to skin this particular cat, some of which will be better than others.