Hi, my setup is a DHCP server on eth3 as master for eth5 with 192.168.10.0/24, and 2 VLANs, 192.168.80.0/24 and 192.168.90.0/24, on eth4. 192.168.90.100 is a webserver translated to a public IP, and 192.168.90.0/24 has a mangle routing mark to go outside only through a preferred public IP, in my case 86.x.x.x.
192.168.10.100 is my laptop's IP address, connected to eth5.
chain=dstnat action=dst-nat to-addresses=192.168.90.100 to-ports=80
protocol=tcp dst-address=86.x.x.x dst-port=80 log=no log-prefix=""
I can access my webserver from outside, but it fails if I do a hairpin NAT for local access from my laptop on the public IP:
chain=srcnat action=masquerade protocol=tcp src-address=192.168.10.0/24
dst-address=192.168.90.100 out-interface=ether3_MASTER_5 dst-port=80 log=no log-prefix=""
Anyway, if I'm connected via VPN PPTP (192.168.30.0/24), then I can access the webserver from the public IP without any hairpin rule.