I tested from outside and the firewall rules do block access. I've been scratching my head for a long time now on how to solve the problem where my employer's VPN takes over DNS. Complaints to our IT team did no good. But now I have a work-around.
David

On Wed, Jul 20, 2022 at 11:59 AM Lonnie Abelbeck <li...@lonnie.abelbeck.com> wrote:

> Hi David,
>
> Interesting ... yes, as you suggested, setting the NAT EXT->LAN "Source"
> rule to only the local LAN(s) (ex. 192.168.1.0/24) should be what you
> need to limit "loopback" to only local IPs for a particular NATed port.
>
> Can't say I ever needed that, but should work.
>
> Best to test hitting your external interface from the outside with the
> associated "loopback" port and make sure it is not allowed in.
>
> Lonnie
>
> > On Jul 20, 2022, at 8:31 AM, David Kerr <da...@kerr.net> wrote:
> >
> > Is it possible to configure NAT Loopback on its own... i.e., without
> > opening NAT->LAN for all sources?
> >
> > I have a problem where my employer's VPN is hijacking DNS so name
> > resolution for my internal hosts is always getting routed to the VPN's
> > supplied DNS which will not resolve to my internal IP address, so traffic
> > is getting sent to my external IP address.
> >
> > Loopback works, I can set a port number to forward but I don't want to
> > open the firewall port to any external client, only to a client on my
> > internal network.
> >
> > It looks like I can set Source IP to e.g. 192.168.1.0/24 and that will
> > set up the firewall rules. But is that the best and/or safe way to do it?
> >
> > Thanks
> > David
> >
> > _______________________________________________
> > Astlinux-users mailing list
> > Astlinux-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/astlinux-users
> >
> > Donations to support AstLinux are graciously accepted via PayPal to
> > pay...@krisk.org.
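An added example, not part of the thread and not AstLinux's own code: one way to audit an `iptables-save` dump for port forwards that lack the LAN-only source match discussed above. The rule lines, addresses and ports are constructed, and the function name `audit_dnat` is hypothetical; the chains AstLinux generates may look different.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (addresses and ports are made up).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.1.0/24 -d 203.0.113.10/32 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.1.50:443
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.60:80
-A PREROUTING ! -s 192.168.1.0/24 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.70:22
COMMIT
"""

def audit_dnat(rules_text, lan_cidrs):
    """Return (dport, target, verdict) for every DNAT rule in the dump."""
    lans = [ipaddress.ip_network(c) for c in lan_cidrs]
    findings = []
    for line in rules_text.splitlines():
        tok = shlex.split(line, comments=True)
        if not tok or tok[0] != "-A" or "DNAT" not in tok:
            continue
        src, negated = None, False
        for i, t in enumerate(tok):
            if t in ("-s", "--source") and i + 1 < len(tok):
                src = ipaddress.ip_network(tok[i + 1], strict=False)
                negated = i > 0 and tok[i - 1] == "!"  # "! -s net" excludes the net
        dport = tok[tok.index("--dport") + 1] if "--dport" in tok else "any"
        target = (tok[tok.index("--to-destination") + 1]
                  if "--to-destination" in tok else "?")
        if src is None:
            verdict = "OPEN: no source match, any client can use this forward"
        elif negated:
            verdict = "OPEN: source match is negated"
        elif any(src.version == lan.version and src.subnet_of(lan) for lan in lans):
            verdict = "LAN-only"
        else:
            verdict = f"restricted to {src}, which is outside the LAN list"
        findings.append((dport, target, verdict))
    return findings

if __name__ == "__main__":
    for dport, target, verdict in audit_dnat(SAMPLE, ["192.168.1.0/24"]):
        print(f"dport {dport} -> {target}: {verdict}")
```

This inspects only the nat table; a forward with no source match may still be dropped by filter rules, so testing from outside, as suggested in the thread, remains the final check.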