LAN to LAN via WAN

DeeZee
DeeZee Posts: 4  Freshman Member
First Comment Second Anniversary
edited April 2021 in Security
I have a few services running on some of my internal servers at home. I can access those services (vendor specific ports) from outside on my LAN via NAT, but using an external domain name or external IP doesn't work if I am at home. I spent a fair amount of time looking for answers but I haven't found anything that would explain to me how to do this.

So far I found the following info:

1. Add an IPV4 rule where you enter the public IP address
2. go to NAT section and edit the redirects so that the "from" field is changed from "any" (my default setting) to the name I gave to the IPV4 rule.
3. Tick the loopback check box 
Now it works perfectly! (source)

But I have no idea where to go to implement step #1.

Any help will be greatly appreciated.

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,377  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @DeeZee  

    You can add IPv4 object by: Configuration > Object > Address/GeoIP.

    Then you can reference this object into NAT rule.


    If you would like to setup port forwarding rule, you may also reference to this FAQ.

  • DeeZee
    DeeZee Posts: 4  Freshman Member
    First Comment Second Anniversary
    Thank you for the reply, but I'm not sure this the  the answer to the question I asked. I know how to set up NAT and define Objects and I connect successfully to various devices on my internal network when I am outside my house. The problem is that when I'm inside the external connection parameters no longer work and I have to use my LAN IP addresses to connect.


    Example:

    - internal file server is 192.168.1.100:12345
    - external IP for the above file server is domain.com:12345


    When I'm in the office I can connect to 192.168.1.100 using domain.com, but when I am at home this does to work and I have to use  192.168.1.100
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,377  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @DeeZee

    As your requirement: Access to office network by private IP address.

    It means VPN tunnel is required.

    You can full this FAQ to create L2TP tunnel on device.

    Then you can access to office network by private IP address after L2TP tunnel is established.

  • DeeZee
    DeeZee Posts: 4  Freshman Member
    First Comment Second Anniversary
    Stanley,

    This is not site-to-site. The connections work when I am outside my LAN without any tunnels. When I get home I can no longer connect to the same nodes unless I use internal IP of the node I need to connect to.


    Long story short, I figured it out myself:


    1. Configuration>Address/Geo IP>Add


    2. Configuration>NAT>Add(or Edit)



    In the above:

    1.
    • Gets your external IP address and assigns as an object
    • The options marked in green must be as shown
    2.
    • Incoming Interface must be WAN
    • Source IP must be LAN1 or LAN2 Subnet (in default LAN configurations)
    • External IP must be the same as defined in step 1 (here I called it WAN_IP
    • Enable NAT Loopback must be checked

    Now when I'm at home, I can connect to my internal nodes using an external ip or public domain name.

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,377  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    It’s good to know you found the reason. :+1:
    Since you have configured “Source IP” address in Virtual Server rule.
    So you can access to specific server when source address is you defined.
    In the usual, the Source IP address is configured as “any” except you have any restriction for your network.

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)