NAT reflection/loopback fails with multiple zones
Username: TexasDex
Origin: https://bugs.openwrt.org/index.php?do=details&task_id=1645
I have multiple internal VLANs, and multiple firewall zones (e.g. a guest network, a DMZ LAN) with separate IP ranges and locked-down routing in between. I’ve found that if I forward a port to a web server in my DMZ zone the ‘NAT Loopback’ option has no effect on hosts outside of that zone (e.g. in my LAN or GuestLAN zones).
LEDE:
curl
curl: (7) Failed to connect to mywebsite.com port 443: Connection refused
On DMZ:
$ curl
...
The port forward works fine on hosts outside my network.
I’ve looked into adding custom rules to fix this, since I’m a Linux sysadmin with a little bit of iptables experience, but I’m not having much luck figuring out the LEDE firewall.
Using LEDE Reboot (17.01.4, r3560-79f57e42) on x86 (QOTOM J1900 embedded PC).
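Added configuration example, not part of this report: firewall3's redirect option `reflection_zone` lists the zones that get hairpin-NAT (reflection) rules instead of only the redirect's destination zone, so hosts in lan and guest can reach the forwarded DMZ service through the public address. The option exists in later OpenWrt firewall3 releases; whether the 17.01.4 build above supports it is an assumption, as are the zone names, addresses and interface names.

```uci
# /etc/config/firewall (fragment, constructed for illustration)

# Three internal zones; routing between them is restricted elsewhere.
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'guest'
	list network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'dmz'
	list network 'dmz'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Port forward to the DMZ web server (192.0.2.10 is a constructed address).
config redirect
	option name 'www-to-dmz'
	option src 'wan'
	option src_dport '443'
	option dest 'dmz'
	option dest_ip '192.0.2.10'
	option dest_port '443'
	option proto 'tcp'
	option target 'DNAT'
	# NAT loopback: rewrite traffic from internal zones to the public IP.
	option reflection '1'
	# Without this list, reflection rules are generated only for 'dest'
	# (the dmz zone). Listing every zone that must reach the service
	# via the public address is what makes loopback work from lan/guest.
	list reflection_zone 'lan'
	list reflection_zone 'guest'
	list reflection_zone 'dmz'
	# 'internal' masquerades reflected flows to the router's inside
	# address so replies return through the router rather than directly.
	option reflection_src 'internal'
```

After `/etc/init.d/firewall restart`, `iptables -t nat -S | grep -i reflection` should show a DNAT and an SNAT rule per listed zone; if the option is ignored on this release, only the dmz rules appear and the zone-specific forward rules have to be added by hand.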