I am having a bit of a tricky configuration issue that I hope someone here might be able to shed some light on.
Network topology is as follows:
        Public         NATed
        IP v4          IP v4 (192.168.11.x)
WAN <-> opnsrouter <-> sshhost
                   <-> client
                       NATed
                       IP v4 VLAN (192.168.22.x)
                   <-> vlanhost
(I don't think the VLAN is relevant but I include it for completeness - it's using tagged 802.11Q on opnsrouter. Firewall rules stop it sending traffic to local machines or opnsrouter.)
Automatic outbound NAT for reflection and reflection for port forwards are enabled.
I set up a rule to port ssh to sshhost as follows:
Interface: WAN
Destination: WAN IP
Destination port range: SSH
Redirect target IP: sshhost (via a firewall alias containing sshhost's IP)
Redirect target port: SSH
NAT reflection: enable
All other options are left at default.
With this rule set up, ssh to opnsrouter's public name works from both inside and outside the router, as expected. However, if I try to ssh to opnsrouter itself from inside the network, the connection also gets forwarded to sshhost rather than being picked up by opnsrouter as I would like.
What am I doing wrong? Is there a way to fix this? Thanks.