Unable to browse websites hosted on my LAN
My previous USG 20 died and I upgraded to a Zywall 110. I'm hosting several websites on my LAN. I'm using an Apache web server reverse proxy to specific domains to different servers in my LAN. All it's doing is forwarding port 80 to port 8080 on Heracles. I already changed the firewall's port to 8081. This all worked fine on my USG 20.
The 110 has the new (to me) Security Policy Control. I've tried several permutations, but I can't seem to get the right rule to let me see the hosted sites from inside my LAN.
Here are the NAT rules:

Here are the policy rules:

I tried about 26 or 27 different permutations of the SERVER_REVERSE_PROXY rule with no luck. The websites work fine from the WAN.
Thanks in advance!
The 110 has the new (to me) Security Policy Control. I've tried several permutations, but I can't seem to get the right rule to let me see the hosted sites from inside my LAN.
Here are the NAT rules:

Here are the policy rules:

I tried about 26 or 27 different permutations of the SERVER_REVERSE_PROXY rule with no luck. The websites work fine from the WAN.
Thanks in advance!
0
Accepted Solution
-
Hi @Hector
The reason is because NAT loopback function did not enabled.
Due to you access to server from LAN side, so NAT loopback function is required.
It’s happy to know we found the reason of it.
1
All Replies
-
-
I changed the policy control rule as you suggested like so:
I'm still unable to browse websites from my LAN. The new Email_IMAP rule is working as I expected. This one is so strange!
Any other ideas?0 -
Hi @Hector
It’s strange situation, due to your mail server is working correctly.
I will send you private message for check this situation more details.
0 -
You could try IPv4 to any and see if that works
Are you using the newest firmware?
0 -
Both NAT and Security Control rules are IPV4.
I'm using firmware version V4.33(AAAA.0). As far as I can tell, that the latest for Zywall 110.0 -
Looking at your screenshots you cannot have “Enable NAT Loopback” setting enabled with “External IP” set to “any”.
Make a address rule with type “INTERFACE IP” for “wan1” and set that for “External IP” and check “Enable NAT Loopback”.
0
Categories
- All Categories
- 189 Beta Program
- 1.7K Nebula
- 91 Nebula Ideas
- 63 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 51 Switch Ideas
- 917 WirelessLAN
- 27 WLAN Ideas
- 5.4K Consumer Product
- 173 Service & License
- 296 News and Release
- 65 Security Advisories
- 14 Education Center
- 1K FAQ
- 452 Nebula FAQ
- 258 Security FAQ
- 100 Switch FAQ
- 115 WirelessLAN FAQ
- 22 Consumer Product FAQ
- 67 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 69 About Community
- 52 Security Highlight