I tested from outside and the firewall rules do block access.  I've been
scratching my head for a long time now on how to solve the problem where my
employer's VPN takes over DNS.  Complaints to our IT team did no good.  But
now I have a work-around.

David

On Wed, Jul 20, 2022 at 11:59 AM Lonnie Abelbeck <li...@lonnie.abelbeck.com>
wrote:

> Hi David,
>
> Interesting ... yes, as you suggested, setting the NAT EXT->LAN "Source"
> rule to only the local LAN(s) (ex. 192.168.1.0/24) should be what you
> need to limit "loopback" to only local IPs for a particular NATed port.
>
> Can't say I ever needed that, but should work.
>
> Best to test hitting your external interface from the outside with the
> associated "loopback" port and make sure it is not allowed in.
>
> Lonnie
>
>
>
>
> > On Jul 20, 2022, at 8:31 AM, David Kerr <da...@kerr.net> wrote:
> >
> > Is it possible to configure NAT Loopback on its own... i.e., without
> opening NAT->LAN for all sources?
> >
> > I have a problem where my employer's VPN is hijacking DNS so name
> resolution for my internal hosts is always getting routed to the VPN's
> supplied DNS which will not resolve to my internal IP address, so traffic
> is getting sent to my external IP address.
> >
> > Loopback works, I can set a port number to forward but I don't want to
> open the firewall port to any external client, only to a client on my
> internal network.
> >
> > It looks like I can set Source IP to e.g. 192.168.1.0/24 and that will
> set up the firewall rules.  But is that the best and/or safe way to do it?
> >
> > Thanks
> > David
> > _______________________________________________
> > Astlinux-users mailing list
> > Astlinux-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/astlinux-users
> >
> > Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.