NAT Loopback troubleshooting

kaine
edited April 2021 in Security
Hello,
I can't configure the NAT Loopback on our ZYXUSG-60W.
I have configured the following NAT rule.
And the following security policy.

If I access the web server from outside our LAN everything works correctly and the traffic is logged.
When accessing from the LAN instead, the web server is unreachable and the ZyWall does not log anything.

If I try nslookup (Windows) on a computer on the LAN, the web server is resolved to the WAN address of the ZyWall (correctly, I think).

What did I forget?

Thanks for your tips.

Comments

  • ewing
    In my case I have many WANs; I made two rules in this order in policy routes:

    1. Access from the LAN
    Source: server IP
    Destination Address: LANs (I made a group for all my subnets)
    Next Hop: Type Auto
    DSCP Marking: Preserve
    Address Translation: Outgoing Interface

    2. Access from the WAN
    Source: server IP
    Destination Address: any
    Next Hop: Type Interface ge1
    DSCP Marking: Preserve
    Address Translation: Outgoing Interface
  • kaine
    Hi ewing,

    thank you for your reply.
    Unfortunately, in my case, your solution does not seem to work.

  • Zyxel_Charlie
    @kaine 
    I tested it with v4.30-Wk10 in my lab without any issue. My test example is as below.
    Therefore, I would like to check your configuration, so please private message it to me.


    Charlie
  • kaine
    Hi Charlie,
    Thank you for your answer.
    I will write to you in private.
    g'day
    Kaine
  • Zyxel_Cooldia
    [email protected],
    It's weird: applying your configuration file in the local lab, I can access the web server behind the USG from a LAN-side host.
    Do you have a packet trace on the USG LAN interface while connecting to the web server from a LAN-side host?





  • serverpal
    hi,
    I have the same problem.
    How can I solve it?
  • jasailafan
    serverpal,
    What are the NAT settings on your device? Is your device placed behind another NAT device?
  • serverpal
    hi @jasailafan,

    The XAMPP server is at 192.168.8.7, port 20200.

    this is NAT rule:


    policy rule:


    From outside the LAN, http://myPublicIp:20200/mysite/index.html works!

    Inside the LAN, from a smartphone or PC, I have to type 192.168.8.7:20200/mysite/index.html, but I cannot type http://myPublicIp:20200/mysite/index.html
  • PeterUK

    NAT loopback only works if the interface WAN1 has the WAN IP; other than that, you may need a firewall rule from LAN1 to LAN1.


  • serverpal
    hi @PeterUK
    thank you,
    how can I do it?
