I have just set up an extremely simple port forwarding rule so that when I want to connect to my server the router redirects https traffic to the server (in lan area). However, the rule applies only to traffic incoming from wwan area, not to local traffic.
Example: I can connect to the server normally from outside my network (e.g. from my smartphone), but not from my laptop that is connected to the same network.
I'm quite new to this, but shouldn't this be handled by the option "Enable NAT Loopback" (that I have ticked in the rule configuration)?
What am I doing wrong?
I am running OpenWrt 18.06.2 r7676-cddd7b4c77 / LuCI openwrt-18.06 branch (git-19.020.41695-6f6641d)
Below is a screenshot of the rule I added in the "Port forwards" section of the UI.
Actually, this should be enabled by default.
Perhaps you should change the "Loopback source IP" to "Use external IP address".
In addition, the reflection works only when the source and the destination are in the same zone.
@vgaetera It is enabled by default indeed. Could you elaborate on that, please?
@trendy, here is the output for that specific rule. Do you need the whole output?
[1970:103120] -A zone_wan_prerouting -p tcp -m tcp --dport 443 -m comment --comment "!fw3: https" -j DNAT --to-destination 192.168.1.131:443
Reflection is not enabled.
Anyway, I don't advise the use of reflection, since it utilizes router resources for intra-LAN traffic. You can utilize an internal name for the server, like www.lan, or, if you must use the public name, create a hostname entry with the FQDN pointing to the internal address.
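The check behind "Reflection is not enabled", written out as an added example that is not part of the thread: it classifies a named port forward from `iptables-save` NAT output. It assumes fw3 tags its loopback rules with the comment suffix `(reflection)`; the function name, the two LAN-side sample rules, the WAN address 203.0.113.10 and the router address 192.168.1.1 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify a named fw3 port forward from
# `iptables-save -t nat` output read on stdin.
# Assumption: fw3 tags loopback rules with the comment "!fw3: <name> (reflection)".

# reflection_status NAME -> prints "missing", "forward-only" or "reflected"
reflection_status() {
    awk -v name="$1" '
        # The plain WAN-side forward, as posted in the thread
        index($0, "\"!fw3: " name "\" -j DNAT") { fwd++ }
        # Loopback needs both a DNAT (LAN client to server) and an SNAT
        # (so the server replies through the router, not straight to the client)
        index($0, "\"!fw3: " name " (reflection)\"") {
            if ($0 ~ /-j DNAT/) dnat++
            if ($0 ~ /-j SNAT/) snat++
        }
        END {
            if (!fwd)              print "missing"
            else if (dnat && snat) print "reflected"
            else                   print "forward-only"
        }'
}

# The rule exactly as posted in the thread: WAN prerouting DNAT only.
sample_forward_only() {
    cat <<'EOF'
[1970:103120] -A zone_wan_prerouting -p tcp -m tcp --dport 443 -m comment --comment "!fw3: https" -j DNAT --to-destination 192.168.1.131:443
EOF
}

# Constructed sample: the same forward plus LAN-side loopback rules.
sample_reflected() {
    sample_forward_only
    cat <<'EOF'
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: https (reflection)" -j DNAT --to-destination 192.168.1.131:443
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.131/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: https (reflection)" -j SNAT --to-source 192.168.1.1
EOF
}

sample_forward_only | reflection_status https   # forward-only
sample_reflected    | reflection_status https   # reflected
```

On the router itself the input would come from `iptables-save -c -t nat | reflection_status https`.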