Need to open a nat from lan to lan via wan
-
I don't see anything wrong here.
I can only give you some points to check, as I don't know why it's not working for you:
do you have corresponding Firewall Rules under the WAN interface?
overlapping NAT rules maybe?
wrong firewall rules order?
does LAN have a rule that permits going out using port 9080?
you didn't mention what kind of service it is, but is your service TCP only?
anything under the firewall log?
does it work if you try from the internet, or are you only trying from the LAN side?
if nothing works, maybe try Method 2: Split DNS
-
@assistenzanet95 said in Need to open a nat from lan to lan via wan:
I know it is twisted but in this way I would have only one link to give to the customer to access the service
The url you give to some client has zero to do with if you do nat reflection or not.
The correct solution when you're local to the service that is behind a nat firewall is to resolve whatever that fqdn is to the local IP and not the public one.
-
uhm, he didn't mention url but link; if he is trying with url instead of ip then yes, you are right, you can't do that with nat reflection but only with split dns
-
url or link - same thing.. What do you think a link is?
If he is giving the client an IP - he is doing it freaking WRONG!!! Period!
-
-
http://192.168.1.1/index.html isn't it a link?
[root@tristan]# ip link show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
I don't see any url here, but I don't want to go against my master if you say it's not
-
@assistenzanet95 said in Need to open a nat from lan to lan via wan:
the client using only public (Static) IP not URL
That is just plain MORONIC!!! Sorry but it is!!!
Give your client a public fqdn vs an IP... That way if it ever has to change you do not contact all your clients (even if only 1) and say hey that link is now http://y.y.y.y vs http://x.x.x.x
-
@johnpoz said in Need to open a nat from lan to lan via wan:
That is just plain MORONIC!!! Sorry but it is!!!
I know, but it is a local service and the director of the structure wants to access from external location also
-
remove block bogon and block private network from the WAN interface ..
they are pretty much useless anyway
-
@assistenzanet95 said in Need to open a nat from lan to lan via wan:
wants to access from external location also
Then give them a FQDN... A domain can cost as little as $1, shit free if you're open for using one of the hundreds if not 1000s of free domains you can leverage.
Average let's call it 10$ for your domain name a YEAR... there is one thing if this is your buddy and you want him to access your ftp server so you can exchange anime or something.. But this is a client - how are you doing any sort of business at all and not have a domain to use?
-
@johnpoz said in Need to open a nat from lan to lan via wan:
Then give them a FQDN... A domain can cost as little as $1, shit free if you're open for using one of the hundreds if not 1000s of free domains you can leverage.
Average let's call it 10$ for your domain name a YEAR... there is one thing if this is your buddy and you want him to access your ftp server so you can exchange anime or something.. But this is a client - how are you doing any sort of business at all and not have a domain to use?
Ok, I know this. Actually I manage over 50 domains for various customers, and obviously giving them a domain to do this is the most correct solution, but my question is why, if I try to access the service running on LAN through the public IP from the captive network, it works, but if I try the LAN service through the public IP from LAN, it doesn't work.
Currently the customer would not understand why he would have to buy a domain to use something he can use normally from the guest network
-
@kiokoman said in Need to open a nat from lan to lan via wan:
remove block bogon and block private network from the WAN interface ..
they are pretty much useless anyway
Block removed but it is the same
-
nothing else here, maybe the host has its own firewall blocking external ip? check with packet capture / wireshark if you see the traffic