Reply To: nat reflection

Forums Network Management ZeroShell nat reflection Reply To: nat reflection


If your server is in the same lan of your devices (not so good, for such things would be better use a DMZ….) in addition to the rule in the ‘virtual server’, you have to add also a rule for the POSTROUTING, as described in the post above by @gordonf, so, eg in ‘ Setup’, ‘Scripts/Cron’, ‘ NAT and Virtual Servers’

iptables -t nat -I POSTROUTING -s -p tcp --dport 8092 -d -j MASQUERADE

I used the -I instead of -A in the rule, with -I the rule is inserted as 1st (you are sure that will be executed, even if you have other rules …)
This is needed because, if you try to reach the server via public ip address, but from within the same network, the server, sees that the connection is coming from an host which belongs to its own network, so, the server tries to respond directly (after an ARP req.).
Enable the script, then, via ssh

iptables -t nat -nvL POSTROUTING

You should see the rule at the top of the chain…..
You can also, rather than use the ssh, create a new job (‘Setup’, ‘Scripts/Cron’, ‘add job’ button), calling it eg ‘check postrouting’, insert the same command as above, and use the ‘test’ button (after the test, save …)