No port forward when source is lan

I run a small web server at my home. For this I have a domain, which is supplied via DDNS with the current IP address. The access to the webserver is done via two simple port-forwards:

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option src_dport '443'
        option dest_port '443'
        option name 'HTTPS'
        list proto 'tcp'
        list proto 'udp'
        option dest_ip '192.168.0.5'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option src_dport '80'
        option name 'HTTP'
        option dest_port '80'
        list proto 'tcp'
        list proto 'udp'
        option dest_ip '192.168.0.5'

The whole thing has run smoothly for years, but now, after the update to 22.03rc1 (I assume because of the change to fw4), I have problems with the port forward from the LAN.

If I e.g. call a service with https://service.example.com/ I get ERR_CONNECTION_REFUSED as response.
The interesting thing: If I call this from outside - e.g. from the mobile phone - everything works as usual.

The problem is the call from the LAN.
So I thought, I add the following two rules:

config redirect
        option target 'DNAT'
        option name 'HTTPS-local'
        option src 'lan'
        option src_dport '443'
        option dest_ip '192.168.0.5'
        option dest_port '443'
        option dest 'lan'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'HTTP-local'
        option src 'lan'
        option dest_ip '192.168.0.5'
        option src_dport '80'
        option dest_port '80'

But even this did not solve the problem.
Maybe someone here has a hint for me.

That means there is no NAT-reflection enabled. I dunno how to set that up with fw4, but perhaps someone can chime in with that.


Change option src lan to option src wan in both redirects.

Sorry - I stupidly copied the wrong rules above. I have adjusted it now.
src was of course wan - otherwise it would not have worked before.

Please PM the entire output of fw4 print


To break up the thread: During my experiments with jow, all of a sudden access from the LAN also worked.
No idea why - because nothing was changed between the attempts.
I still suspect possibly outdated DNS entries, but really I do not know.

Thanks to the two helpers in any case!
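A small linter for the redirect sections discussed in this thread, added here as an example (not code from any poster or from OpenWrt): it flags lines with an unclosed quote, redirects whose src and dest zones are the same, and redirects that switch NAT reflection off with `option reflection '0'`. The sample config is constructed, the function names are hypothetical, and using Python's `shlex` to approximate UCI quoting is an assumption.

```python
import shlex
# Constructed sample in the thread's UCI format; line 15 leaves a quote open.
SAMPLE = """\
config redirect
        option name 'HTTPS'
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        list proto 'tcp'
config redirect
        option name 'HTTPS-local'
        option target 'DNAT'
        option src 'lan'
        option dest 'lan'
config redirect
        option name 'HTTP-noreflect'
        option target 'DNAT'
        option dest 'lan
        option reflection '0'
"""

def parse_redirects(text):
    """Return (redirect sections, [(line_no, error)]) from UCI firewall text."""
    sections, errors, cur = [], [], None
    for n, line in enumerate(text.splitlines(), 1):
        try:
            tok = shlex.split(line, comments=True)  # assumption: approximates UCI quoting
        except ValueError:  # shlex raises this when a quote is never closed
            errors.append((n, "unterminated quote"))
            continue
        if tok[:1] == ["config"]:
            cur = {} if tok[1:2] == ["redirect"] else None
            if cur is not None:
                sections.append(cur)
        elif cur is not None and len(tok) == 3 and tok[0] == "option":
            cur[tok[1]] = tok[2]
        elif cur is not None and len(tok) == 3 and tok[0] == "list":
            cur.setdefault(tok[1], []).append(tok[2])
    return sections, errors

def audit(sections):
    """Map each DNAT redirect's name to a finding for LAN clients using the public name."""
    findings = {}
    for s in (s for s in sections if s.get("target") == "DNAT"):
        if s.get("src") and s.get("src") == s.get("dest"):
            note = "src and dest are the same zone"
        elif s.get("reflection") == "0":
            note = "NAT reflection disabled for this redirect"
        else:
            note = "NAT reflection not disabled here"
        findings[s.get("name", "?")] = note
    return findings
```

Lines reported as errors are skipped, so an option with a broken quote is missing from its parsed section rather than silently misread.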
