These are my ip/firewall/filter rules:
Code: Select all
add chain=input protocol=icmp
add chain=input connection-state=established
add chain=input connection-state=related
add action=drop chain=input in-interface=ether1-gateway
Code: Select all
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway to-addresses=0.0.0.0
add action=dst-nat chain=dstnat comment="port forward" dst-port=81 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.0.81 to-ports=80
add action=dst-nat chain=dstnat comment="dmz host" in-interface=ether1-gateway to-addresses=192.168.0.2
From an internal host, accessing 1.2.3.4 goes to the RB2011. How do I get it to behave the same as if I'm coming from an external host ?
All my searches end up in Hairpin NAT being mentioned. I tried adding a rule like:
Code: Select all
add action=masquerade chain=srcnat comment=hairpin dst-address=192.168.0.0/24 out-interface=bridge-local src-address=192.168.0.0/24