Nat Loopback not Working

Options
2»

All Replies

  • ticsystems
    ticsystems Posts: 59  ZCNE Certified
    First Anniversary ZCNE Security Level 1 Certification - 2020 10 Comments Nebula Gratitude
    edited January 2022
    Options
    PeterUK said:

    Doing a test you might be able to get NAT loopback work if your WAN IP is static all you have to do is make another NAT rule with the same setting and put in your real External WAN IP even if it not on the ATP interface.

    I have tested it and it does not work. When putting the private ip it does not open ports.
    This is how to configure it from the beginning.

  • PeterUK
    PeterUK Posts: 2,853  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    You make one rule with private ip 172.26.10.245 for External IP you then make another rule for the same port with External IP being your real WAN IP. So that for LAN you go to your domain which will be your WAN IP and the ATP should loopback

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,462  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Hi @ticsystems,

    You can try to add an internal DNS A record (e.g. www.xxx.com 172.26.10.245) in ATP700, and LAN side hosts DNS server set to ATP-700. Once LAN hosts access to www.xxx.com, it will not go ISP router. 


     
  • ticsystems
    ticsystems Posts: 59  ZCNE Certified
    First Anniversary ZCNE Security Level 1 Certification - 2020 10 Comments Nebula Gratitude
    Options
    Hi @ticsystems,

    You can try to add an internal DNS A record (e.g. www.xxx.com 172.26.10.245) in ATP700, and LAN side hosts DNS server set to ATP-700. Once LAN hosts access to www.xxx.com, it will not go ISP router. 


     
    I have a active directory server. I will look at configuring it on the Windows DNS server. Thanks!!!
  • ticsystems
    ticsystems Posts: 59  ZCNE Certified
    First Anniversary ZCNE Security Level 1 Certification - 2020 10 Comments Nebula Gratitude
    Options
    EIt is not the ideal solution but it work.
    Thanks!
  • ticsystems
    ticsystems Posts: 59  ZCNE Certified
    First Anniversary ZCNE Security Level 1 Certification - 2020 10 Comments Nebula Gratitude
    Options
    Hi all. It is not a viable option. Behind the domain xxx.com they have a lot of external services and it should generate a lot of A records. I need natloopback to work.
  • PeterUK
    PeterUK Posts: 2,853  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    The way I said will work you need a LAN to LAN firewall rule for it to work.



Security Highlight