NAT Loopback Issue

Bruno_A

Hello all,


I have an Active Directory domain on a different VLAN that's acting as a DMZ, configured in OpenWRT. I used this tutorial for that. On the DMZ, I have an IIS server, and I own a Registered Domain Name that's pointing to my public IP, with ports 80 and 443 forwarded to the IIS IP in OpenWRT. From outside the network, I'm able to access the website using the Registered Domain Name; inside the VLAN/DMZ, I'm also able to access the website using the Registered Domain Name; however, on a different VLAN, I am not. For some reason, NAT Loopback is not working outside the VLAN/DMZ, although I enabled "NAT Loopback" in the firewall rules for the VLAN/DMZ. Is it possible to enable it so that people in a different VLAN can access the webserver using the Registered Domain Name instead of the server name? I could make a host entry, but I'd rather have it work the "proper" way.


Many thanks,

Bruno.

Quote me so I can reply back :) 

MY PC-> PSU: EVGA SuperNOVA T2 1000W 80 Plus Titanium MOTHERBOARD: ASUS X370 Crosshair VI Hero CPU: RYZEN 7 3700X RAM: G.Skill 32GB (4X8GB) DDR4 3200MHz C14 GPU: EVGA GTX 1080Ti FTW3 HYBRID STORAGE: Samsung 970 EVO 500GB NVMe SSD; 2TB WD Caviar Blue; Crucial MX500 500GB SSD CUSTOM LOOP: EK-Velocity Nickel + Plexi CPU block, EK-FC1080 GTX Ti Acetal + Nickel GPU Block w/ EK-FC1080 GTX Ti Backplate, EK-XRES 140 Revo D5 PWM, EK-CoolStream PE 240 w/ 2x Noctua NF-F12 Chromax fans, EK-ACF Fitting 10/13mm Nickel, Mayhems UV White tubing 13/10mm, 3x Noctua NF-S12A Chromax case fans

Actually, you've got that reversed: NAT loopback is actually the "hacky" way, as it's extremely CPU intensive on the router; having a DNS entry that directs the traffic to the correct internal IP is the proper way.

Router:  Intel N100 (pfSense) WiFi6: Zyxel NWA210AX (1.7Gbit peak at 160Mhz)
WiFi5: Ubiquiti NanoHD OpenWRT (~500Mbit at 80Mhz) Switches: Netgear MS510TXUP, MS510TXPP, GS110EMX
ISPs: Zen Full Fibre 900 (~930Mbit down, 115Mbit up) + Three 5G (~800Mbit down, 115Mbit up)
Upgrading Laptop/Desktop CNVIo WiFi 5 cards to PCIe WiFi6e/7

17 hours ago, Alex Atkin UK said:

Actually, you've got that reversed: NAT loopback is actually the "hacky" way, as it's extremely CPU intensive on the router; having a DNS entry that directs the traffic to the correct internal IP is the proper way.

Thanks a lot. I'll just create a DNS entry.

8 hours ago, Bruno_A said:

Thanks a lot. I'll just create a DNS entry.

I learned the hard way. You try pushing Gigabit through a router not designed to handle it and bad things happen. ;)

Direct to the LAN IP and it doesn't need to pass through the router at all.

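The split-DNS setup Alex recommends, written out as an added example that is not from this thread or from the OpenWrt project's own documentation. It assumes the OpenWrt firewall zones are named `lan` (the client VLAN), `dmz` (the IIS VLAN) and `wan`, that the IIS host is 192.168.20.10, and that the registered name is www.example.com; all of these are constructed values to be replaced with your own. The point is that clients on every internal VLAN resolve the public name straight to the DMZ address, so the traffic is routed between VLANs instead of being hairpinned through the WAN address, and the only thing the firewall has to allow is TCP 80/443 from the client VLAN to that one host.

```uci
# /etc/config/dhcp  (dnsmasq on the OpenWrt router)
# Answer the public name with the DMZ address for every internal client.
# This is a local answer served by dnsmasq itself, so it is not affected by
# dnsmasq's rebind protection, which only filters private addresses coming
# back from upstream resolvers.
config dnsmasq
	option domainneeded '1'
	option rebind_protection '1'
	list address '/www.example.com/192.168.20.10'   # constructed name and IP

# /etc/config/firewall
# Keep the port forward for Internet clients, but do not ask the router to
# reflect (hairpin) it for internal zones; internal clients use the DNS
# answer above instead.
config redirect
	option name 'iis-https'
	option src 'wan'
	option src_dport '443'
	option dest 'dmz'
	option dest_ip '192.168.20.10'
	option dest_port '443'
	option proto 'tcp'
	option target 'DNAT'
	option reflection '0'

config redirect
	option name 'iis-http'
	option src 'wan'
	option src_dport '80'
	option dest 'dmz'
	option dest_ip '192.168.20.10'
	option dest_port '80'
	option proto 'tcp'
	option target 'DNAT'
	option reflection '0'

# Allow the client VLAN to reach the IIS host directly, and only on the web
# ports. This replaces a blanket lan -> dmz forwarding, so a compromised DMZ
# host still cannot be reached on other services from the client VLAN.
config rule
	option name 'lan-to-iis-web'
	option src 'lan'
	option dest 'dmz'
	option dest_ip '192.168.20.10'
	option dest_port '80 443'
	option proto 'tcp'
	option target 'ACCEPT'
```

After `/etc/init.d/dnsmasq restart` and `/etc/init.d/firewall restart`, `nslookup www.example.com` from a lan-VLAN client should return 192.168.20.10, and a browser using the registered name gets a certificate that matches the hostname, which is why the domain name rather than the server name is wanted in the first place. If a hairpin is ever genuinely required (for example, a client that is pinned to a public resolver and bypasses dnsmasq), the redirect's `reflection` option and a `list reflection_zone 'lan'` entry on the redirect control which zones get reflection rules, at the CPU cost Alex describes.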
17 hours ago, Alex Atkin UK said:

I learned the hard way. You try pushing Gigabit through a router not designed to handle it and bad things happen. ;)

Direct to the LAN IP and it doesn't need to pass through the router at all.

Yeah, I just did that. Easier for me. Thanks a lot.
