Port forwarding inside LAN

Hello all,
I have a NAS with Open Media Vault and Nextcloud in my local network (192.168.1.20). Nextcloud is using ports 444 for https and 81 for http. In order to access Nextcloud from the internet I got a domain (domain.name), added my external IP to public DNS, and configured port forwarding on OpenWRT from WAN 80 => 192.168.1.20:81 and WAN 443 => 192.168.1.20:444. It works both from the internet and my local network.
In order to make transfers faster when using my local network I want to route all local traffic from domain.name to 192.168.1.20. Is there any way to route all traffic from my LAN with destination "https://domain.name(:443)" to "https://192.168.1.20:444"?

I tried adding a line with "domain.name 192.168.1.20" to /etc/hosts. Currently it works only if I specify the port in the browser, like "https://domain.name:444/nextcloud/apps/files/", but this is not the desired behavior.
Also I tried to make rules for LAN to LAN port forwarding:

uci add firewall redirect # =cfg113837
uci set firewall.@redirect[-1].dest_port='444'
uci set firewall.@redirect[-1].src='lan'
uci set firewall.@redirect[-1].name='nextcloud_local'
uci set firewall.@redirect[-1].src_dip='192.168.1.20'
uci set firewall.@redirect[-1].src_dport='443'
uci set firewall.@redirect[-1].dest_ip='192.168.1.20'
uci set firewall.@redirect[-1].dest_port='444'
uci set firewall.@redirect[-1].dest='lan'
uci set firewall.@redirect[-1].target='DNAT'

but it also didn't work. Any ideas?

If you want to bypass the router then you have to add the port forwarding or change ports on the NAS.

So this is my question: how to do port forwarding inside the LAN? I showed my configuration for the port forwarding in the initial message and it doesn't work.

Traffic between two LAN devices does not reach the router's CPU; no firewall rules can do what you need.

2 Likes

Any idea how it can be done?

Look up the documentation for the content server and apply a port rewrite (443 -> 444) directive.

1 Like

So there is no way to make it possible using OpenWRT; it should be done from the server (192.168.1.20) side?

This requires the server to listen to 443 already, or to redirect with iptables on the server.

1 Like
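
Added example, not part of any post in this thread: one way to do the server-side redirect mentioned above, run on the NAS (192.168.1.20) rather than on the router, assuming the NAS uses iptables. The addresses and ports are the ones from the thread; the function names and the DRY_RUN switch are made up for this example.

```shell
#!/bin/sh
# Run on the NAS, not the router: LAN clients reach 192.168.1.20 directly,
# so the port rewrite has to happen on the host that receives the packets.
SERVER_IP="192.168.1.20"   # NAS address from the thread

# Accept only decimal ports in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule-spec (everything after "-A PREROUTING") for one redirect:
#   $1 = local address, $2 = port clients connect to, $3 = port the service listens on
redirect_spec() {
    valid_port "$2" && valid_port "$3" || return 1
    printf '%s' "-p tcp -d $1 --dport $2 -j REDIRECT --to-ports $3"
}

# Add the rule unless an identical one exists. DRY_RUN (hypothetical switch,
# default 1) only prints the command; set DRY_RUN=0 and run as root to apply.
install_redirect() {
    spec=$(redirect_spec "$1" "$2" "$3") || { echo "invalid port" >&2; return 1; }
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables -t nat -A PREROUTING $spec"
        return 0
    fi
    # -C checks for an existing rule so re-running does not stack duplicates.
    # $spec is deliberately unquoted: it must split into separate arguments.
    iptables -t nat -C PREROUTING $spec 2>/dev/null ||
        iptables -t nat -A PREROUTING $spec
}

# Port pairs from the thread: https 443 -> 444, http 80 -> 81.
for pair in 443:444 80:81; do
    install_redirect "$SERVER_IP" "${pair%%:*}" "${pair##*:}"
done
```

The rewrite happens in nat PREROUTING, before the filter INPUT chain, so any INPUT filtering on the NAS has to allow 444 and 81 rather than 443 and 80. PREROUTING only sees packets arriving from other hosts, and the rule does not survive a reboot unless it is saved with whatever mechanism the NAS uses.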

OpenWrt is just the name of the distro. Do you mean LuCI? There is a package luci-app-uhttpd

Description: uHTTPd Webserver Configuration

that may help, if you are using uHTTPd

By OpenWRT I mean the router. How will a webserver on the router help me to resolve the issue?

If both devices are in the same lan (192.168.1.X) then they can communicate directly without passing traffic through OpenWrt.
If you need to enforce some policies, you'll need to either do it on the web server or move the server to a different firewall zone.

1 Like

My bad, I missed the part that the web content server is running on the NAS instance and not the router...

What @anon45274024 says is technically possible, but it requires a web server on the router which is capable of rewriting and redirecting the packets.
For example.
