OPNsense Forum
Archive => 22.1 Legacy Series => Topic started by: Moofo on March 22, 2022, 04:19:34 pm
-
Let's say I have a server on 192.168.4.25
What rules should I add to be to reach it from let's say 192.168.1.12 when requesting my wan IP ?
Regular hairpin mechanism does not seems to work.
Regards
-
I have a couple Port-Forward rules doing this same thing. I don't know if it will make a difference since I have several public IPs which are just Virtual IPs, which I use for my "Destination". Here is what mine look like:
Interface: WAN
TCP/IP Version: IPv4
Protocol: TCP
Destination: Virtual IP (you can use WAN Address or type in a host as well)
Dest Port: Port Alias (contains a group of ports such as 80, 443, etc)
Redirect target IP: 192.168.4.25/32
Redirect target port: (same alias as dest port)
NAT Reflection: enabled (I think this is what you may need, the system may default to disabled)
-
I think the hairpinning (aka NAT reflection) in itself does work, but not between different interfaces. For me, it is the firewall that is blocking the traffic from getting through.
I can see that from the fact that every port forward with enabled reflection that originates from my LAN works fine (even if the destination machine is in the IoT network), but not the other way around. My LAN is allowed to access the IoT network, but the opposite is not true.
If I want to keep that logic, I have to allow access selectively to the reflected IPs and ports from the IoT network.
-
Ok, so If I follow you, it'S the same but I have to allow my server traffic to go to my actual lan where the machine is ?
Going to test this. Thank you very much for your help