Hi David, Interesting ... yes, as you suggested, setting the NAT EXT->LAN "Source" rule to only the local LAN(s) (ex. 192.168.1.0/24) should be what you need to limit "loopback" to only local IPs for a particular NATed port.
Can't say I ever needed that, but should work. Best to test hitting your external interface from the outside with the associated "loopback" port and make sure it is not allowed in.

Lonnie

> On Jul 20, 2022, at 8:31 AM, David Kerr <da...@kerr.net> wrote:
>
> Is it possible to configure NAT Loopback on its own... ie, without opening
> NAT->LAN for all sources?
>
> I have a problem where my employer's VPN is hijacking DNS so name resolution
> for my internal hosts is always getting routed to the VPN's supplied DNS
> which will not resolve to my internal IP address, so traffic is getting sent
> to my external IP address.
>
> Loopback works, I can set a port number to forward but I don't want to open
> the firewall port to any external client, only to a client on my internal
> network.
>
> It looks like I can set Source IP to e.g. 192.168.1.0/24 and that will setup
> the firewall rules. But is that the best and/or safe way to do it?
>
> Thanks
> David
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
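The point of the thread, as an added illustration that is not from the mailing list or the AstLinux project: a hairpin ("loopback") forward whose DNAT matches only LAN sources, written as generic iptables commands, alongside a pure-shell reimplementation of that source check so the allow/deny decision can be exercised offline. The interface names, addresses and port are constructed, and the rules are my assumed equivalent of a NAT EXT->LAN entry with a restricted Source, not what AstLinux itself generates.

```shell
#!/bin/sh
# Added example, not from the AstLinux thread or project. Addresses,
# interface names and the port are constructed for illustration.

# ip_to_int 192.168.1.50 -> 3232235826 (dotted quad as a 32-bit integer)
ip_to_int() {
    set -- $(echo "$1" | tr . ' ')
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# in_cidr IP CIDR: succeed if IP lies inside CIDR (e.g. 192.168.1.0/24).
# Dividing by the host-part size drops the host bits, so the quotients
# are equal exactly when the network parts are equal.
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    hsz=1; i=$bits
    while [ "$i" -lt 32 ]; do hsz=$((hsz * 2)); i=$((i + 1)); done
    [ $((ip / hsz)) -eq $((net / hsz)) ]
}

# loopback_allowed SRC_IP LAN_CIDR: the decision a source-restricted DNAT
# rule makes. An outside client (not in LAN_CIDR) never matches the
# forward, which is what Lonnie's external test should confirm.
loopback_allowed() {
    if in_cidr "$1" "$2"; then echo ALLOW; else echo DENY; fi
}

# hairpin_rules WAN_IP LAN_IF LAN_CIDR DPORT LAN_HOST
# Prints generic iptables rules (assumed, not AstLinux's own output):
#  1. DNAT only when the source is the LAN and the destination is the WAN IP
#  2. MASQUERADE the hairpinned flow so LAN_HOST replies through the router
#     rather than straight back to the client (which would break the NAT)
#  3. allow the LAN->LAN forward that results
hairpin_rules() {
    wan_ip=$1; lan_if=$2; lan=$3; dport=$4; target=$5
    echo "iptables -t nat -A PREROUTING -s $lan -d $wan_ip -p tcp --dport $dport -j DNAT --to-destination $target"
    echo "iptables -t nat -A POSTROUTING -o $lan_if -s $lan -d $target -p tcp --dport $dport -j MASQUERADE"
    echo "iptables -A FORWARD -i $lan_if -o $lan_if -d $target -p tcp --dport $dport -j ACCEPT"
}

# Demo with constructed values: WAN 203.0.113.10, LAN 192.168.1.0/24,
# forwarding port 8080 to 192.168.1.20.
hairpin_rules 203.0.113.10 eth1 192.168.1.0/24 8080 192.168.1.20
echo "LAN client 192.168.1.50:   $(loopback_allowed 192.168.1.50 192.168.1.0/24)"
echo "Internet client 203.0.113.7: $(loopback_allowed 203.0.113.7 192.168.1.0/24)"
```

Because the `-s` match sits on the DNAT rule itself, a packet from the Internet to WAN_IP:8080 is never rewritten and falls through to whatever the default policy for that port is; verifying that from outside (for example `nc -vz 203.0.113.10 8080` from a host that is not on the LAN, expecting a refusal or timeout) is the check Lonnie recommends.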