NAT Loopback troubleshooting

kaine
kaine Posts: 5  Freshman Member
edited April 2021 in Security
Hello,
I can't configure the NAT Loopback on our ZYXUSG-60W.
I have configured the following NAT rule.
And the following security policy.

If I access the web server from outside our LAN everything works correctly and the traffic is logged.
When accessing from the LAN instead, the web server is unreachable and the ZyWall does not log anything.

If I try nslookup (Windows) on a computer on the LAN, the web server resolves to the WAN address of the ZyWall (correctly, I think).

What did I forget?

Thanks for your tips.

Comments

  • ewing
    ewing Posts: 17  Freshman Member
    In my case I have many WANs, so I made two rules, in this order, in policy routes:

    1. Access from the LAN
       Source: server IP
       Destination Address: LANs (I made a group for all my subnets)
       Next Hop: Type Auto
       DSCP Marking: Preserve
       Address Translation: Outgoing Interface

    2. Access from the WAN
       Source: server IP
       Destination Address: any
       Next Hop: Type Interface ge1
       DSCP Marking: Preserve
       Address Translation: Outgoing Interface
  • kaine
    kaine Posts: 5  Freshman Member
    Hi ewing,

    Thank you for your reply.
    Unfortunately, in my case, your solution does not seem to work.

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    @kaine 
    I tested it with v4.30-Wk10 in my lab without any issue. My test example is below.
    Therefore, I would like to check your configuration, so please send it to me by private message.


    Charlie
  • kaine
    kaine Posts: 5  Freshman Member
    Hi Charlie,
    Thank you for your answer.
    I will write to you in private.
    g'day
    Kaine
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    Hi @kaine,
    It's weird: applying your configuration file in my local lab, I can access the web server behind the USG from a LAN-side host.
    Do you have a packet trace on the USG LAN interface while connecting to the web server from a LAN-side host?





  • serverpal
    serverpal Posts: 29  Freshman Member
    Hi,
    I have the same problem.
    How can I solve it?
  • jasailafan
    jasailafan Posts: 189  Master Member
    serverpal,
    What are the NAT settings on your device? Is your device placed behind another NAT device?
  • serverpal
    serverpal Posts: 29  Freshman Member
    Hi @jasailafan,

    The XAMPP server is at 192.168.8.7, port 20200.

    This is the NAT rule:


    Policy rule:


    From outside the LAN, http://myPublicIp:20200/mysite/index.html works!

    Inside the LAN, from a smartphone or PC, I have to type 192.168.8.7:20200/mysite/index.html; I cannot type http://myPublicIp:20200/mysite/index.html
  • PeterUK
    PeterUK Posts: 2,655  Guru Member

    NAT loopback only works if the interface WAN1 has the WAN IP; other than that, you may need a firewall rule from LAN1 to LAN1.


  • serverpal
    serverpal Posts: 29  Freshman Member
    Hi @PeterUK,
    Thank you.
    How can I do it?
