Trying to connect to an externally accessible address from inside the network...

asu
asu Posts: 3  Freshman Member
First Comment
edited April 2021 in Security
Hi, my setup is as follows:
I have 2 servers with two internal ip addresses 192.168.1.10 and 192.168.1.11 and I can connect to them via the browser when I am within the network.
I have a domain name of the type cloud.nova.com that connects to these two servers through two external ports (2443, 3443)
Those two external ports are redirected to the two respective ip addresses with 443 as internal ports for both.

When I try to connect from outside the network:
https://server.nova.com:2443
https://server.nova.com:3443
I have no problem accessing the servers.

However, when I am inside the network and I try to connect to those same addresses, it doesn't work!
The only way I can connect from inside the network is
https://192.168.1.10
https://192.168.1.11

How do I go about this, what do I need to configure on my VPN100 to make this work using the external addresses?
I know there is a way because prior to purchasing the VPN100, we were using another brand firewall and it was working perfectly.

Please help and TIA.

All Replies

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    @asu
    Regarding to your request,
    you need to create the DDNS and NAT profiles with disable NAT lookback.

    Charlie
  • asu
    asu Posts: 3  Freshman Member
    First Comment
    Sorry, maybe I wasn't very clear, I am able to perfectly connect to the internal servers using port forwarding configured through NAT when I am outside of the network.
    When I am within the network, however, it doesn't work, how can I resolve this so that using the exact same address as I do when im outside the network in which the firewall is based works?
    TIA

  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited January 2019

    I think you need NAT Loopback enabled

    It might not matter but are you using the same External as Internal port mapping?

    Also for NAT rule making for External IP its best to use a INTERFACE IP of the WAN


  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited January 2019

    Been trying NAT loopback and it turns out you need to make a firewall rule like this:

    from LAN1

    to LAN1

    Service port

    and does work if  External port is not the same as Internal port


  • asu
    asu Posts: 3  Freshman Member
    First Comment
    Nevermind, I found it myself:
    -> Add an IPV4 rule where you enter the public IP address
    -> go to NAT section and edit the redirects so that the "from" field is changed from "any" (my default setting) to the name I gave to the IPV4 rule.
    -> Tick the loopback check box 
    Now it works perfectly!

Security Highlight