Need to open a nat from lan to lan via wan

kiokoman

uhm he didn't mentioned url but link, if he is trying with url instead of ip than yes you are right, you can't do that with nat reflection but only with split dns

johnpoz

url or link - same thing.. What do you think a link is?

If he is giving the client an IP - he is doing it freaking WRONG!!! Period!

assistenzanet95

@johnpoz
the client using only public (Static) IP not URL

@kiokoman
i'll attach wan and lan rules

Screenshot_2020-03-03 netsistemi localdomain - Firewall Rules WAN.png

Screenshot_2020-03-03 netsistemi localdomain - Firewall Rules LAN.png

kiokoman

http://192.168.1.1/index.html isn't it a link ?
[root@tristan]# ip link show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

i don't see any url here but i don't want to go against my master if you say it's not

johnpoz

@assistenzanet95 said in Need to open a nat from lan to lan via wan:

the client using only public (Static) IP not URL

That is just plain MORONIC!!! Sorry but it is!!!

Give your client a public fqdn vs an IP... That way if it ever has to change you do not contact all your clients (even if only 1) and say hey that link is now http://y.y.y.y vs http://x.x.x.x

assistenzanet95

@johnpoz said in Need to open a nat from lan to lan via wan:

That is just plain MORONIC!!! Sorry but it is!!!

i know but is a local service and the director of the structure want to access from external location also

kiokoman

remove block bogon and block private network from the WAN interface ..
they are pretty much useless anyway

johnpoz

@assistenzanet95 said in Need to open a nat from lan to lan via wan:

want to access from external location also

Then give them a FQDN... A domain can cost as little as $1, shit free if your open for using one of the hundreds if not 1000s of free domains you can leverage.

Average lets call it 10$ for you domain name a YEAR... there is one thing if this your buddy and you want him to access your ftp server so you can exchange anime or something.. But this is a client - how are you doing any sort of business at all and not have a domain to use?

assistenzanet95

@johnpoz said in Need to open a nat from lan to lan via wan:

Then give them a FQDN... A domain can cost as little as $1, shit free if your open for using one of the hundreds if not 1000s of free domains you can leverage.
Average lets call it 10$ for you domain name a YEAR... there is one thing if this your buddy and you want him to access your ftp server so you can exchange anime or something.. But this is a client - how are you doing any sort of business at all and not have a domain to use?

Ok i know this, actually i manage over 50 domains for various customer, and obviously give them a domain to do this is the most correct solutions, but my question is why if i try to access to the service running on lan through public ip from the captive network it works, but if i try lan service through public ip from lan it doesn't work.

Currently the customers would not understand why it would have to buy a domain to use something he can use normally from the guest network

kiokoman

This post is deleted!

assistenzanet95

@kiokoman said in Need to open a nat from lan to lan via wan:

remove block bogon and block private network from the WAN interface ..
they are pretty much useless anyway

Block removed but is the same

kiokoman

nothing else here, maybe the host have its own firewall blocking external ip? check with packet capture / wireshark if you see the traffic