17.7 Legacy Series / Re: NAT Reflection
« on: December 24, 2017, 02:25:14 pm »
Hi guys,
I could use some help with NAT reflection for port forwards. It does not seem to be working for me.
Network Address Translation:
Reflection for port forwards: Enable (pure NAT)
Reflection for 1:1: Enable
Automatic outbound NAT for Reflection: Enable
NAT -> Port Forward:
NAT reflection: use system default
Filter rule association: Rule NAT
Firewall: NAT: Outbound, Mode:
Tried both Manual and Hybrid.
On FreeBSD, for MIAB (Mail-in-a-Box), how do I check this information? The following is from my OpenWrt capture:
# OpenWrt firewall port-forward stanza, as pasted by the poster.
# The iptables-save output in this post contains rules commented
# "dns (reflection)"; presumably they are generated from this redirect.
# NOTE(review): forwarding TCP/UDP 53 from the WAN zone makes the DNS service
# on dest_ip reachable from the Internet. Confirm that is intended and that
# the server does not answer recursive queries for outside clients.
config redirect
# Rewrite the destination of matching traffic (port forward).
option target 'DNAT'
# Zone the traffic arrives from.
option src 'wan'
# Zone the internal target host is in.
option dest 'dmz'
# Match both TCP and UDP.
option proto 'tcp udp'
# Destination port matched on the incoming traffic.
option src_dport '53'
# Port on the internal host that the traffic is forwarded to.
option dest_port '53'
# Label for this rule.
option name 'dns'
# Internal host that receives the forwarded traffic.
option dest_ip '192.168.140.253'
@TorWrt# iptables-save | grep NAT
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 25 -m comment --comment "mx (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 443 -m comment --comment "web-email (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 80 -m comment --comment "webmail80-let\'sencrypt (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 53 -m comment --comment "dns (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p udp -m udp --dport 53 -m comment --comment "dns (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 25 -m comment --comment "mx (reflection)" -j DNAT --to-destination 192.168.140.253:25
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 443 -m comment --comment "web-email (reflection)" -j DNAT --to-destination 192.168.140.253:443
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 80 -m comment --comment "webmail80-let\'sencrypt (reflection)" -j DNAT --to-destination 192.168.140.253:80
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 53 -m comment --comment "dns (reflection)" -j DNAT --to-destination 192.168.140.253:53
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p udp -m udp --dport 53 -m comment --comment "dns (reflection)" -j DNAT --to-destination 192.168.140.253:53
Details of the problem are documented here:
https://discourse.mailinabox.email/t/letsencrypt-expired-and-dns-errors/2704/99
I could use some help with NAT reflection for port forwards. It does not seem to be working for me.
Network Address Translation:
Reflection for port forwards: Enable (pure NAT)
Reflection for 1:1: Enable
Automatic outbound NAT for Reflection: Enable
NAT -> Port Forward:
NAT reflection: use system default
Filter rule association: Rule NAT
Firewall: NAT: Outbound, Mode:
Tried both Manual and Hybrid.
On FreeBSD, for MIAB (Mail-in-a-Box), how do I check this information? The following is from my OpenWrt capture:
# OpenWrt firewall port-forward stanza, as pasted by the poster.
# The iptables-save output in this post contains rules commented
# "dns (reflection)"; presumably they are generated from this redirect.
# NOTE(review): forwarding TCP/UDP 53 from the WAN zone makes the DNS service
# on dest_ip reachable from the Internet. Confirm that is intended and that
# the server does not answer recursive queries for outside clients.
config redirect
# Rewrite the destination of matching traffic (port forward).
option target 'DNAT'
# Zone the traffic arrives from.
option src 'wan'
# Zone the internal target host is in.
option dest 'dmz'
# Match both TCP and UDP.
option proto 'tcp udp'
# Destination port matched on the incoming traffic.
option src_dport '53'
# Port on the internal host that the traffic is forwarded to.
option dest_port '53'
# Label for this rule.
option name 'dns'
# Internal host that receives the forwarded traffic.
option dest_ip '192.168.140.253'
@TorWrt# iptables-save | grep NAT
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 25 -m comment --comment "mx (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 443 -m comment --comment "web-email (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 80 -m comment --comment "webmail80-let\'sencrypt (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 53 -m comment --comment "dns (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p udp -m udp --dport 53 -m comment --comment "dns (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 25 -m comment --comment "mx (reflection)" -j DNAT --to-destination 192.168.140.253:25
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 443 -m comment --comment "web-email (reflection)" -j DNAT --to-destination 192.168.140.253:443
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 80 -m comment --comment "webmail80-let\'sencrypt (reflection)" -j DNAT --to-destination 192.168.140.253:80
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 53 -m comment --comment "dns (reflection)" -j DNAT --to-destination 192.168.140.253:53
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p udp -m udp --dport 53 -m comment --comment "dns (reflection)" -j DNAT --to-destination 192.168.140.253:53
Details of the problem are documented here:
https://discourse.mailinabox.email/t/letsencrypt-expired-and-dns-errors/2704/99