Trying to connect to an externally accessible address from inside the network...

Hi, my setup is as follows:
I have 2 servers with two internal IP addresses, 192.168.1.10 and 192.168.1.11, and I can connect to them via the browser when I am within the network.
I have a domain name of the type cloud.nova.com that connects to these two servers through two external ports (2443, 3443).
Those two external ports are redirected to the two respective IP addresses with 443 as internal ports for both.

When I try to connect from outside the network:
https://server.nova.com:2443
https://server.nova.com:3443
I have no problem accessing the servers.

However, when I am inside the network and I try to connect to those same addresses, it doesn't work!
The only way I can connect from inside the network is
https://192.168.1.10
https://192.168.1.11

How do I go about this, what do I need to configure on my VPN100 to make this work using the external addresses?
I know there is a way because prior to purchasing the VPN100, we were using another brand firewall and it was working perfectly.

Please help and TIA.

Answers

  • Zyxel_Charlie Zyxel Official Agent Posts: 686  mod
    @asu
    Regarding your request,
    you need to create the DDNS and NAT profiles with disable NAT loopback.

    Charlie
  • asu Member Posts: 3
    Sorry, maybe I wasn't very clear, I am able to perfectly connect to the internal servers using port forwarding configured through NAT when I am outside of the network.
    When I am within the network, however, it doesn't work. How can I resolve this so that using the exact same address as I do when I'm outside the network in which the firewall is based works?
    TIA

  • PeterUK Member Posts: 299  Master Member
    edited January 25, 2019 3:00AM

    I think you need NAT Loopback enabled

    It might not matter but are you using the same External as Internal port mapping?

    Also, for NAT rule making for External IP it's best to use an INTERFACE IP of the WAN


  • PeterUK Member Posts: 299  Master Member
    edited January 25, 2019 4:10AM

    Been trying NAT loopback and it turns out you need to make a firewall rule like this:

    from LAN1

    to LAN1

    Service port

    and does work if External port is not the same as Internal port


  • asu Member Posts: 3
    Never mind, I found it myself:
    -> Add an IPv4 rule where you enter the public IP address
    -> Go to the NAT section and edit the redirects so that the "from" field is changed from "any" (my default setting) to the name I gave to the IPv4 rule.
    -> Tick the loopback check box
    Now it works perfectly!