NAT Reflection (Pure NAT) not working for same subnet (v2.2.2)
-
Good to know.
But, at least for me, reloading the filters makes no difference.
My situation has not changed since I originally posted it back in 2020. (Needless to say, things have been reloaded, rebooted, and reconfigured many times since then).
I am still using the same manually created outgoing NAT rule to patch the "undesirable behavior that is apparently not a bug". :-) -
I did find another solution to this problem, and it is no more harmful (I believe) than the default operation of a firewall if done carefully. It could possibly be fine-tuned somewhat by placing this rule at the bottom of a rule list; I'm sure others here will advise. I only needed mine to transfer a few email accounts to new email server software that had been installed. It needed to be run on the same server, and I had to use the reflection used for incoming external email to get out of the machine. Once done, I disabled the rules.
I created a rule for the VLAN for our mail server to allow all outbound traffic through the firewall to the web; reflection redirects it back again if it's on the same ports as per the inbound NAT rule.
Action Pass
Interface MAILSERVER
Address IPV4
Protocol: TCP
Source: Single host or alias, Mailserver_ip
Destination …
Invert match: Checked
LAN.net ← LAN for users – this blocks the email server from connecting outbound to the main_lan via reflection
(You may need to set a rule for each VLAN if you intend to run it permanently; I had to do another for our phone system.) And that's it.
I hope it's useful to someone.
Mike
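The rule Mike describes is a pass rule on the mail server's interface whose destination is LAN.net with "Invert match" checked, so it passes the server's TCP traffic to anywhere except the user LAN and lets the default block cover the rest. The following is an added example, not code from the thread or from pfSense/OPNsense: it models that single rule with first-match semantics (the order the GUI rules are evaluated in) and checks it against a few constructed flows. The addresses for Mailserver_ip, LAN.net and the external host are assumptions chosen for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values standing in for the thread's aliases (assumptions, not from the post).
MAILSERVER_IP = ipaddress.ip_address("10.20.0.25")   # the "Mailserver_ip" alias
LAN_NET = ipaddress.ip_network("192.168.1.0/24")     # the "LAN.net" alias (user LAN)


@dataclass(frozen=True)
class Rule:
    """One GUI-style firewall rule: interface, protocol, single-host source,
    network destination, and the 'Invert match' flag on the destination."""
    action: str
    interface: str
    proto: str
    source: ipaddress.IPv4Address
    destination: ipaddress.IPv4Network
    invert_destination: bool = False

    def matches(self, iface: str, proto: str, src: str, dst: str) -> bool:
        if iface != self.interface or proto.lower() != self.proto:
            return False
        if ipaddress.ip_address(src) != self.source:
            return False
        in_dest = ipaddress.ip_address(dst) in self.destination
        # 'Invert match' means the rule applies to everything NOT in the destination.
        return (not in_dest) if self.invert_destination else in_dest


# Mike's rule: pass, interface MAILSERVER, TCP, source Mailserver_ip,
# destination LAN.net with Invert match checked.
MIKE_RULE = Rule("pass", "MAILSERVER", "tcp", MAILSERVER_IP, LAN_NET, invert_destination=True)


def decide(rules, iface: str, proto: str, src: str, dst: str, default: str = "block") -> str:
    """First-match evaluation: the first rule whose criteria match decides;
    nothing matching falls through to the interface's default block."""
    for rule in rules:
        if rule.matches(iface, proto, src, dst):
            return rule.action
    return default


if __name__ == "__main__":
    # Constructed flows: reflected traffic to the server's own public port is
    # passed, while a connection into the user LAN is blocked by the default.
    for dst in ("203.0.113.10", "192.168.1.50"):
        print(dst, decide([MIKE_RULE], "MAILSERVER", "tcp", "10.20.0.25", dst))
```

Checking both directions of the inverted match is the point: if the rule were written without "Invert match" it would do the opposite and expose the user LAN to the mail server, which is exactly what the thread's rule is meant to prevent.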