Bypass firewall for lan to wan to lan

evewes · Mar 4, 2011, 8:56 PM

How do i open for lan to wan to lan traffic i can see it blocked by firewall in log?

Nachtfalke · Mar 7, 2011, 6:38 PM

Not sure, what you mean but:

Interfaces -> WAN

Cry Havok · Mar 7, 2011, 7:40 PM

Are you trying to access WAN IP addresses from the LAN? If so look for NAT Reflection.

evewes · Mar 8, 2011, 6:36 AM

Thanks for your answer, i have a server in my lan used by some people with dyndns. Dyndns has stop working a couple of times and showed wrong ip (192.168.x.x) when i logged in at dyndns.org to update ip. I must see this quickly and for that i have set up a connection in my lan out trough wan to dyndns and back to wan into lan and server. And its blocked by firewall in log. In log i can se a roule caused this but i cant figure out which. If i click in system act on X the explaining pointer to rule is over my head to figure out.

client - lan -wan - lan -server

Release 1.2.3 (soon upgrade to 2.0)
4 routers in use and 2 of them have hotstandby routers if failure (never used other than test!!)

Cry Havok · Mar 8, 2011, 11:00 PM

If your DynDNS hostname is updated with the wrong IP it indicates a problem with your update client. Rather than fixing the symptom you should solve the problem - fix the update client.

evewes · Mar 9, 2011, 3:39 AM

@Cry:

If your DynDNS hostname is updated with the wrong IP it indicates a problem with your update client. Rather than fixing the symptom you should solve the problem - fix the update client.

This happend two separate times in two of my routers and for a couple of friends with dir-655 and other
Routers. I cant say if it happened in the same second maybe more likley in the same day. It was in different places in the country Its over my head. I will look into NAT-reflektion as sugested in erlier post.
Thanks for your answer so far, if you know more of the router solution in the question i would be happy.

Cry Havok · Mar 9, 2011, 7:27 AM

Hardware update clients are notorious for being problematic - it all depends on how much effort the manufacturer put into making them work correctly and how they find out the WAN IP. One solution I've found to work reliably is to replace the firmware with the likes of DD-WRT, which has a well behaved update client built into it. Obviously that only works if your router is supported by DD-WRT.