Saturday, December 5, 2020

VyOS NAT Reflection directing all HTTP/HTTPS traffic to internal server.

Hi, I'm using VyOS 1.3, eth0 is my WAN port, br0 is my LAN port. When I configure NAT reflection to reach my website from my LAN using my WAN IP it does work, but causes *all* websites to direct to the web server on my LAN.

This page perfectly describes the issue I see but I can't work out how to translate the netgate instructions there into VyOS config: https://docs.netgate.com/pfsense/en/latest/troubleshooting/nat-reflection.html

Here's my nat config, it's basically what the docs say to do (https://docs.vyos.io/en/latest/nat.html#hairpin-nat-nat-reflection):

    destination {
        rule 10 {
            description "SSH to server"
            destination {
                port 22
            }
            inbound-interface eth0
            protocol tcp
            translation {
                address 192.168.0.3
            }
        }
        rule 11 {
            description "NAT Reflection SSH"
            destination {
                port 22
            }
            inbound-interface br0
            protocol tcp
            translation {
                address 192.168.0.3
            }
        }
        rule 20 {
            description "HTTP to server"
            destination {
                port 80
            }
            inbound-interface eth0
            protocol tcp
            translation {
                address 192.168.0.3
            }
        }
        rule 21 {
            description "NAT Reflection HTTP"
            destination {
                port 80
            }
            inbound-interface br0
            protocol tcp
            translation {
                address 192.168.0.3
            }
        }
        rule 30 {
            description "HTTPS to server"
            destination {
                port 443
            }
            inbound-interface eth0
            protocol tcp
            translation {
                address 192.168.0.3
            }
        }
        rule 31 {
            description "NAT Reflection HTTPS"
            destination {
                port 443
            }
            inbound-interface br0
            protocol tcp
            translation {
                address 192.168.0.3
            }
        }
    }
    source {
        rule 100 {
            outbound-interface eth0
            source {
                address 192.168.0.0/24
            }
            translation {
                address masquerade
            }
        }
    }

Is it possible to configure NAT Reflection without it translating all internal sourced traffic in VyOS?
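
An added example, not part of the original post: the reflection rules 11, 21 and 31 above match on inbound interface and port only, so they apply to LAN traffic bound for any address, which fits the symptom described. The Python sketch below parses a brace-style NAT block and flags destination rules on a LAN interface that carry no destination address. The sample config is constructed, `203.0.113.10` is a placeholder WAN address, and the function names are hypothetical.

```python
import shlex

# Constructed sample: rules 20 and 21 follow the shape of the post's config;
# rule 31 is a variant pinned to a placeholder WAN address (203.0.113.10).
SAMPLE = '''
destination {
  rule 20 { destination { port 80 } inbound-interface eth0 protocol tcp translation { address 192.168.0.3 } }
  rule 21 { destination { port 80 } inbound-interface br0 protocol tcp translation { address 192.168.0.3 } }
  rule 31 { destination { address 203.0.113.10 port 443 } inbound-interface br0 protocol tcp translation { address 192.168.0.3 } }
}
source { rule 100 { outbound-interface eth0 source { address 192.168.0.0/24 } translation { address masquerade } } }
'''

def _parse(tokens):
    """Recursive descent over 'key value', 'key { ... }' and 'key tag { ... }'.
    Assumes every leaf has a value (no valueless nodes such as 'disable')."""
    node = {}
    while tokens:
        key = tokens.pop(0)
        if key == "}":
            return node
        if tokens[0] == "{":                 # key { ... }
            tokens.pop(0)
            node[key] = _parse(tokens)
        elif tokens[1:2] == ["{"]:           # key tag { ... }
            tag = tokens.pop(0)
            tokens.pop(0)
            node.setdefault(key, {})[tag] = _parse(tokens)
        else:                                # key value
            node[key] = tokens.pop(0)
    return node

def parse_nat(text):
    """Parse the contents of a 'nat { ... }' block into nested dicts."""
    return _parse(shlex.split(text))

def port_only_rules(nat, ifaces):
    """Destination NAT rule numbers on the given inbound interfaces that
    have no destination address, i.e. rewrite traffic for every address."""
    flagged = []
    for num, rule in nat.get("destination", {}).get("rule", {}).items():
        match = rule.get("destination", {})
        if rule.get("inbound-interface") in ifaces and "address" not in match:
            flagged.append(num)
    return flagged

if __name__ == "__main__":
    print(port_only_rules(parse_nat(SAMPLE), {"br0"}))
```
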


