
FS#1645 - NAT reflection/loopback fails with multiple zones #7950

Closed
@openwrt-bot

Description

@openwrt-bot

TexasDex:

I have multiple internal VLANs, and multiple firewall zones (e.g. a guest network, a DMZ LAN) with separate IP ranges and locked-down routing in between. I've found that if I forward a port to a web server in my DMZ zone the 'NAT Loopback' option has no effect on hosts outside of that zone (e.g. in my LAN or GuestLAN zones).

LEDE:

$ curl https://mywebsite.com
curl: (7) Failed to connect to mywebsite.com port 443: Connection refused

On DMZ:

$ curl https://mywebsite.com
<title> ...

The port forward works fine on hosts outside my network.

I've looked into adding custom rules to fix this, since I'm a Linux sysadmin with a little bit of iptables experience, but I'm not having much luck figuring out the LEDE firewall.

Using LEDE Reboot (17.01.4, r3560-79f57e422d) on x86 (QOTOM J1900 embedded PC).
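The behaviour reported above follows from how fw3 (the LEDE/OpenWrt firewall) picks the zones that receive NAT-reflection rules for a DNAT redirect: it uses the redirect's `reflection_zone` list, and when that list is absent it falls back to the redirect's `dest` zone alone, so hosts in other internal zones never get the loopback DNAT/SNAT rules. The script below is an added example and is not code from the reporter or from the fw3 project; it models only that zone-selection step (not the generated iptables rules, the `reflection_src` choice, or the WAN address lookup), over a constructed sample firewall config whose zone names, addresses and redirect name are assumptions. It reports which internal zones a redirect will not reflect into and shows the config change (`list reflection_zone`) that closes the gap.

```python
import shlex
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample of /etc/config/firewall in UCI syntax (zone names, the
# 10.0.30.10 address and the redirect name are assumptions, not the reporter's config).
SAMPLE_FIREWALL_CONFIG = """\
config zone
    option name 'lan'
    option network 'lan'

config zone
    option name 'guest'
    option network 'guest'

config zone
    option name 'dmz'
    option network 'dmz'

config zone
    option name 'wan'
    option network 'wan'
    option masq '1'

config redirect
    option name 'https-to-webserver'
    option src 'wan'
    option src_dport '443'
    option dest 'dmz'
    option dest_ip '10.0.30.10'
    option dest_port '443'
    option proto 'tcp'
    option target 'DNAT'
    option reflection '1'
"""


@dataclass
class Section:
    kind: str
    options: Dict[str, str] = field(default_factory=dict)
    lists: Dict[str, List[str]] = field(default_factory=dict)


def parse_uci(text: str) -> List[Section]:
    """Minimal UCI parser: 'config', 'option' and 'list' lines with shell-style quoting."""
    sections: List[Section] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        if parts[0] == "config" and len(parts) >= 2:
            sections.append(Section(parts[1]))
        elif parts[0] == "option" and len(parts) >= 3 and sections:
            sections[-1].options[parts[1]] = parts[2]
        elif parts[0] == "list" and len(parts) >= 3 and sections:
            sections[-1].lists.setdefault(parts[1], []).append(parts[2])
    return sections


def reflection_zones(redirect: Section) -> List[str]:
    """Zones whose hosts receive NAT-reflection rules for one redirect (fw3 zone selection).

    Only DNAT redirects with reflection enabled (the default) are reflected, and only
    into the zones in 'reflection_zone'; with no such list, only the 'dest' zone.
    """
    if redirect.options.get("target", "DNAT").upper() != "DNAT":
        return []
    if redirect.options.get("reflection", "1").lower() in ("0", "no", "off", "false"):
        return []
    zones = redirect.lists.get("reflection_zone")
    if zones:
        return list(zones)
    dest = redirect.options.get("dest")
    return [dest] if dest else []


def loopback_gaps(config_text: str, wan_zone: str = "wan") -> Dict[str, List[str]]:
    """Map each DNAT redirect name to the internal zones that will NOT get loopback."""
    sections = parse_uci(config_text)
    internal = [s.options["name"] for s in sections
                if s.kind == "zone" and s.options.get("name") and s.options["name"] != wan_zone]
    gaps: Dict[str, List[str]] = {}
    for idx, s in enumerate(sections):
        if s.kind != "redirect" or s.options.get("target", "DNAT").upper() != "DNAT":
            continue
        covered = set(reflection_zones(s))
        gaps[s.options.get("name", f"redirect[{idx}]")] = [z for z in internal if z not in covered]
    return gaps


def add_reflection_zones(config_text: str, redirect_name: str, zones: List[str]) -> str:
    """Return the config with 'list reflection_zone' entries added to the named redirect."""
    out: List[str] = []
    kind = None
    for line in config_text.splitlines():
        stripped = line.strip()
        parts = shlex.split(stripped) if stripped and not stripped.startswith("#") else []
        if parts[:1] == ["config"] and len(parts) >= 2:
            kind = parts[1]
        out.append(line)
        if kind == "redirect" and parts[:3] == ["option", "name", redirect_name]:
            out.extend(f"    list reflection_zone '{z}'" for z in zones)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("before:", loopback_gaps(SAMPLE_FIREWALL_CONFIG))
    fixed = add_reflection_zones(SAMPLE_FIREWALL_CONFIG, "https-to-webserver", ["lan", "guest", "dmz"])
    print("after: ", loopback_gaps(fixed))
```

On the sample config the redirect reflects into `dmz` only, which matches the symptom in the report (loopback works from the DMZ but not from LAN or guest); listing every internal zone in `reflection_zone` is what makes fw3 emit the reflection rules for those zones too. Note that this widens what guest hosts can reach through the router's public address, so each zone added should be one that is meant to reach the forwarded service.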
