NAT Loopback troubleshooting

kaine
kaine Posts: 5  Freshman Member
edited April 2021 in Security
Hello,
I can't configure the NAT Loopback on our ZYXUSG-60W.
I have configured the following NAT rule.
And the following security policy.

If I access the web server from outside our LAN everything works correctly and the traffic is logged.
When accessing from the LAN instead, the web server is unreachable and the ZyWall does not log anything.

If I try nslookup (Windows) on a computer on the LAN, the web server resolves to the WAN address of the ZyWall (correctly, I think).

What did I forget?

Thanks for your tips.

Comments

  • ewing
    ewing Posts: 17  Freshman Member
    In my case I have many WANs; I made two rules, in this order, in policy routes:

    1. Access from the LAN
    Source: server IP
    Destination Address: LANs (I made a group for all my subnets)
    Next Hop: Type Auto
    DSCP Marking: Preserve
    Address Translation: Outgoing Interface

    2. Access from the WAN
    Source: server IP
    Destination Address: any
    Next Hop: Type Interface ge1
    DSCP Marking: Preserve
    Address Translation: Outgoing Interface
  • kaine
    kaine Posts: 5  Freshman Member
    Hi ewing,

    Thank you for your reply.
    Unfortunately, in my case, your solution does not seem to work.

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    @kaine 
    I tested it with v4.30-Wk10 in my lab without any issue. My test example is as below.
    Therefore, I would like to check your configuration, so please private message it to me.


    Charlie
  • kaine
    kaine Posts: 5  Freshman Member
    Hi Charlie,
    Thank you for your answer.
    I will write to you in private.
    g'day
    Kaine
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,454  Zyxel Employee
    Hi @kaine,
    It's weird: applying your configuration file in my local lab, I can access the web server behind the USG from a LAN-side host.
    Do you have a packet trace on the USG LAN interface while connecting to the web server from a LAN-side host?





  • serverpal
    serverpal Posts: 29  Freshman Member
    Hi,
    I have the same problem.
    How can I solve it?
  • jasailafan
    jasailafan Posts: 191  Master Member
    serverpal,
    What are the NAT settings on your device? Is your device placed behind another NAT device?
  • serverpal
    serverpal Posts: 29  Freshman Member
    Hi @jasailafan,

    The XAMPP server is at 192.168.8.7, port 20200.

    This is the NAT rule:


    Policy rule:


    From outside the LAN, http://myPublicIp:20200/mysite/index.html works!

    Inside the LAN, from a smartphone or PC, I have to type 192.168.8.7:20200/mysite/index.html; I cannot type http://myPublicIp:20200/mysite/index.html
  • PeterUK
    PeterUK Posts: 2,744  Guru Member

    NAT loopback only works if the interface WAN1 has the WAN IP; other than that, you may need a firewall rule from LAN1 to LAN1.


  • serverpal
    serverpal Posts: 29  Freshman Member
    Hi @PeterUK,
    thank you.
    How can I do it?
