[FS#283] NAT Loopback ("reflections") not working correctly.

LEDE Bugs lede-bugs at lists.infradead.org
Fri Nov 11 19:47:26 PST 2016


A new Flyspray task has been opened.  Details are below. 

User who did this - schoerg (schoerg) 

Attached to Project - LEDE Project
Summary - NAT Loopback ("reflections") not working correctly.
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - Trunk
Due in Version - Undecided
Due Date - Undecided
Details - LEDE Reboot r2006 / LuCI Master (git-16.232.29304-c0af360)
LeMaker Banana Pi
Kernel 4.4.27

NAT loopback allows you to use the external IP inside your local network and still be able to reach the server you want.

That way a domain like example.com can be used internally and externally at the same time. This is currently bugged in LEDE.

It worked with OpenWrt and Kernel 3.18.x, Version 15.05. The bug is also in newer OpenWrt versions, but I don't know where.

I create a new port forward and enable "NAT Loopback" in the LuCI interface, but hosts inside the network still can't reach the server.

To mitigate this I have this script:


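#!/bin/sh

# WAN address as reported by ifconfig for the wwan0 interface
WANIP=$(ifconfig wwan0 | awk '/inet addr/ {split ($2,A,":"); print A[2]}')

# my server's IP on lan
SERVERIP=192.168.0.6

# nat_loopback PORT SERVERIP PROTO
# Each call flushes the three user chains, so only the last forward set up survives.
nat_loopback() {
 # rewrite traffic aimed at the WAN address and port to the LAN server
 iptables -t nat -F prerouting_rule
 iptables -t nat -A prerouting_rule -d "$WANIP" -p "$3" --dport "$1" -j DNAT --to-destination "$2"
 # let the rewritten traffic through the forward chain
 iptables -F forwarding_rule
 iptables -A forwarding_rule -p "$3" -d "$2" --dport "$1" -j ACCEPT
 # masquerade LAN clients so the server's replies go back through the router
 iptables -t nat -F postrouting_rule
 iptables -t nat -A postrouting_rule -s 192.168.0.0/24 -p "$3" -d "$2" --dport "$1" -j MASQUERADE
}

nat_loopback 80 "$SERVERIP" tcp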



This will then create the iptables rules needed to make this work again. It would be nice, however, if this worked OOTB.

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=283
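
An added example, not part of the original report: a POSIX shell check that reads `iptables-save` output and reports which of the three rules the workaround script installs (DNAT, forward ACCEPT, MASQUERADE) is missing for one forward. It assumes port-scoped rules (`--dport`); the function names, the sample ruleset and the 203.0.113.10 WAN address are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save text for the three loopback rules.

# has_rule TABLE TOKEN... : succeeds if one "-A" rule in TABLE holds every TOKEN.
has_rule() {
    table=$1; shift
    want=$(printf '%s|' "$@")
    awk -v t="*$table" -v want="$want" '
        BEGIN { n = split(want, tok, "|") - 1 }
        /^\*/ { on = ($0 == t); next }      # table header, e.g. "*nat"
        on && /^-A / {
            line = $0 " "; ok = 1
            for (i = 1; i <= n; i++) {      # token must end at a space or ":"
                p = index(line, " " tok[i])
                c = p ? substr(line, p + length(tok[i]) + 1, 1) : ""
                if (c != " " && c != ":") ok = 0
            }
            if (ok) found = 1
        }
        END { exit !found }'
}

# check_reflection WANIP PORT PROTO SERVERIP LANNET  (iptables-save on stdin)
# Prints each missing rule; returns 0 only if all three are present.
check_reflection() {
    save=$(cat); rc=0
    printf '%s\n' "$save" | has_rule nat "-d $1/32" "-p $3" "--dport $2" \
        "-j DNAT" "--to-destination $4" || { echo "missing DNAT"; rc=1; }
    printf '%s\n' "$save" | has_rule filter "-d $4/32" "-p $3" "--dport $2" \
        "-j ACCEPT" || { echo "missing FORWARD accept"; rc=1; }
    printf '%s\n' "$save" | has_rule nat "-s $5" "-d $4/32" "-p $3" \
        "--dport $2" "-j MASQUERADE" || { echo "missing MASQUERADE"; rc=1; }
    return $rc
}

# Constructed sample (203.0.113.10 stands in for the WAN address).
SAMPLE='*nat
-A prerouting_rule -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.6
-A postrouting_rule -s 192.168.0.0/24 -d 192.168.0.6/32 -p tcp -m tcp --dport 80 -j MASQUERADE
COMMIT
*filter
-A forwarding_rule -d 192.168.0.6/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE" | check_reflection 203.0.113.10 80 tcp 192.168.0.6 192.168.0.0/24 \
    && echo "loopback rules complete"
```

On a router the input would come from `iptables-save` itself, piped into `check_reflection` with the real WAN address, port, server and LAN subnet.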


