Hi. Not sure if I'm using the correct words.
I have a NAS with an admin UI on port 5001 and a web server on the usual 443. I want local users to use my domain name and the corresponding SSL cert for the admin UI, i.e. accessing it by mydomain.com:5001. But I don't want to open it to the outside, either.
I thought that I could do it by using only a hairpin rule without dst-nat, but apparently I am wrong. What's the correct way to do that?
UPD: here are the current rules for the opened port with hairpin:
chain=srcnat action=masquerade protocol=tcp src-address=192.168.88.0/24 dst-address=192.168.88.0/24 dst-port=5001 log=no log-prefix=""
chain=dstnat action=dst-nat to-addresses=192.168.88.178 to-ports=5001 protocol=tcp dst-address=<my ip> dst-port=5001 log=no log-prefix=""