Hi David,

Interesting ... yes, as you suggested, setting the NAT EXT->LAN "Source" rule 
to only the local LAN(s) (ex. 192.168.1.0/24) should be what you need to limit 
"loopback" to only local IPs for a particular NATed port.

Can't say I ever needed that, but should work.

Best to test hitting your external interface from the outside with the 
associated "loopback" port and make sure it is not allowed in.

Lonnie
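As an added illustration of what the "Source = LAN only" rule amounts to at the netfilter level (this is not AstLinux's own rc.conf syntax or code from the list, and the external IP 203.0.113.10, internal host 192.168.1.50 and port 8080 are constructed values; only the 192.168.1.0/24 subnet comes from the thread):

```shell
#!/bin/sh
# Hairpin (loopback) NAT for one port, reachable only from the local LAN.
# Constructed example values; 192.168.1.0/24 is the subnet from the thread.
EXT_IP=203.0.113.10        # router's external address (documentation range)
LAN_NET=192.168.1.0/24     # the "Source" restriction from the thread
INT_HOST=192.168.1.50      # internal server the port is forwarded to
PORT=8080                  # forwarded TCP port

# Emit the rules instead of applying them, so this runs without root;
# pipe the output to sh as root to apply on a plain iptables box.
hairpin_rules() {
    # 1. Only packets that originate in the LAN and are addressed to the
    #    external IP get redirected. The "-s $LAN_NET" match is what keeps
    #    this forward unreachable from the Internet side.
    echo "iptables -t nat -A PREROUTING -s $LAN_NET -d $EXT_IP -p tcp --dport $PORT -j DNAT --to-destination $INT_HOST:$PORT"
    # 2. Rewrite the source so the internal host answers via the router and
    #    not directly to the LAN client (which would break the connection).
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -d $INT_HOST -p tcp --dport $PORT -j MASQUERADE"
    # 3. Let the hairpinned connection through FORWARD, again LAN-only.
    echo "iptables -A FORWARD -s $LAN_NET -d $INT_HOST -p tcp --dport $PORT -m conntrack --ctstate NEW -j ACCEPT"
}

# Lonnie's check, run from a host outside the network: succeeds (exit 0)
# only when the loopback port does not answer from the outside.
external_port_closed() {
    # nc -z: connect-only probe, -w 3: give up after three seconds
    if nc -z -w 3 "$EXT_IP" "$PORT" 2>/dev/null; then
        return 1   # port answered from outside: the restriction is not in place
    fi
    return 0
}
```

Every emitted rule carries the LAN source match; a rule without it would expose the port to any external client, which is exactly what the thread wants to avoid.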
> On Jul 20, 2022, at 8:31 AM, David Kerr <da...@kerr.net> wrote:
> 
> Is it possible to configure NAT Loopback on its own... ie, without opening 
> NAT->LAN for all sources?
> 
> I have a problem where my employer's VPN is hijacking DNS so name resolution 
> for my internal hosts is always getting routed to the VPN's supplied DNS 
> which will not resolve to my internal IP address, so traffic is getting sent 
> to my external IP address.
> 
> Loopback works, I can set a port number to forward but I don't want to open 
> the firewall port to any external client, only to a client on my internal 
> network.
> 
> It looks like I can set Source IP to e.g. 192.168.1.0/24 and that will setup 
> the firewall rules.  But is that the best and/or safe way to do it?
> 
> Thanks
> David
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
