Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Hairpin nat on different interfaces. HOW ?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Hairpin nat on different interfaces. HOW ? (Read 1804 times)
Moofo
Newbie
Posts: 11
Karma: 0
Hairpin nat on different interfaces. HOW ?
«
on:
March 22, 2022, 04:19:34 pm »
Let's say I have a server on 192.168.4.25
What rules should I add to be to reach it from let's say 192.168.1.12 when requesting my wan IP ?
Regular hairpin mechanism does not seems to work.
Regards
Logged
utahbmxer
Newbie
Posts: 42
Karma: 0
Re: Hairpin nat on different interfaces. HOW ?
«
Reply #1 on:
March 22, 2022, 04:53:49 pm »
I have a couple Port-Forward rules doing this same thing. I don't know if it will make a difference since I have several public IPs which are just Virtual IPs, which I use for my "Destination". Here is what mine look like:
Interface: WAN
TCP/IP Version: IPv4
Protocol: TCP
Destination: Virtual IP (you can use WAN Address or type in a host as well)
Dest Port: Port Alias (contains a group of ports such as 80, 443, etc)
Redirect target IP: 192.168.4.25/32
Redirect target port: (same alias as dest port)
NAT Reflection: enabled (I think this is what you may need, the system may default to disabled)
Logged
meyergru
Hero Member
Posts: 1761
Karma: 171
IT Aficionado
Re: Hairpin nat on different interfaces. HOW ?
«
Reply #2 on:
March 22, 2022, 05:36:16 pm »
I think the hairpinning (aka NAT reflection) in itself does work, but not between different interfaces. For me, it is the firewall that is blocking the traffic from getting through.
I can see that from the fact that every port forward with enabled reflection that originates from my LAN works fine (even if the destination machine is in the IoT network), but not the other way around. My LAN is allowed to access the IoT network, but the opposite is not true.
If I want to keep that logic, I have to allow access selectively to the reflected IPs and ports from the IoT network.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
Moofo
Newbie
Posts: 11
Karma: 0
Re: Hairpin nat on different interfaces. HOW ?
«
Reply #3 on:
April 12, 2022, 10:11:19 pm »
Ok, so If I follow you, it'S the same but I have to allow my server traffic to go to my actual lan where the machine is ?
Going to test this. Thank you very much for your help
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Hairpin nat on different interfaces. HOW ?