DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Access local server via WAN FQDN and Draytek Vigor2926

29 Mar 2019 08:00 #1 by guntero
I'm experiencing problems accessing a local server in my LAN via its internet address. Let me explain. I have a local server, on IP 192.168.1.15, and it's serving http (port 80) (All my computers/servers in my LAN have addresses in the 192.168.1.0/24 range).
When I access this server from a computer in the LAN via http://192.168.1.15:80, everything works.
This server is accessible from the internet via NAT (e.g. http://my.server.com:8888). This is working as well, no problem there.
However, when I try to access this server from my LAN via this address (http://my.server.com:8888), I'm unable to access it.
When I check the firewall log, it's giving this entry:

[FILTER][Block][LAN/RT/VPN->WAN, 1:23:18 ][@S:R=13:1, 82.84.24.33:58741->192.168.1.15:80][TCP][HLen=20, TLen=52, Flag=S, Seq=1765099532, Ack=0, Win=64240]

Where 82.84.24.33 is my fixed WAN IP. And this makes no sense to me:
LAN/RT/VPN->WAN / 82.84.24.33:58741->192.168.1.15:80
It looks like the firewall thinks that the 82.84.24.33 is LAN and 192.168.1.15 is WAN....
And another strange thing, there are rules in the firewall to allow traffic LAN->WAN for port 80 (http)... Even in the other direction as well (WAN->LAN).
Only when I set the default rule in the firewall to 'allow' instead of 'block' it's working, but that's obviously not an option.
Thanks!

29 Mar 2019 12:38 #2 by guntero
It looks like a NAT loopback / hairpin issue, but I'm almost sure the Vigor2926 supports this.
I think I just need to find the correct firewall rule to allow this traffic.
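
Added example, not part of the original posts and not DrayTek code: a small parser for the [FILTER] log entry quoted in post #1 that picks out blocked connections matching the NAT loopback pattern suspected above (source is the router's own WAN IP, destination is a LAN host, direction logged as ->WAN). The field layout and the reading of "@S:R=13:1" as filter set:rule are assumptions inferred from that single entry; the second and third sample lines are constructed.

```python
import ipaddress
import re

# Field layout inferred from the one log entry quoted in this thread
# (an assumption, not a DrayTek specification). Reading "@S:R=13:1" as
# filter set:rule is likewise an assumption.
LOG_RE = re.compile(
    r"\[FILTER\]\[(?P<action>\w+)\]"
    r"\[(?P<direction>[^,\]]+),\s*(?P<time>[\d:]+)\s*\]"
    r"\[@S:R=(?P<filter_set>\d+):(?P<filter_rule>\d+),\s*"
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)\]"
    r"\[(?P<proto>\w+)\]"
)

def parse_filter_line(line):
    """Return the fields of one [FILTER] entry as a dict, or None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    entry = m.groupdict()
    for key in ("filter_set", "filter_rule", "sport", "dport"):
        entry[key] = int(entry[key])
    return entry

def find_hairpin_blocks(lines, wan_ip, lan_net):
    """Blocked entries logged towards WAN whose source is the router's own
    WAN address and whose destination is a host inside the LAN."""
    lan = ipaddress.ip_network(lan_net)
    hits = []
    for line in lines:
        e = parse_filter_line(line)
        if (e and e["action"] == "Block"
                and e["direction"].endswith("->WAN")
                and e["src"] == wan_ip
                and ipaddress.ip_address(e["dst"]) in lan):
            hits.append(e)
    return hits

SAMPLE_LOG = [
    # Entry quoted in the thread
    "[FILTER][Block][LAN/RT/VPN->WAN, 1:23:18 ][@S:R=13:1, 82.84.24.33:58741->192.168.1.15:80][TCP][HLen=20, TLen=52, Flag=S, Seq=1765099532, Ack=0, Win=64240]",
    # Constructed: ordinary outbound block from a LAN client
    "[FILTER][Block][LAN/RT/VPN->WAN, 1:23:40 ][@S:R=13:1, 192.168.1.20:50112->203.0.113.5:23][TCP][HLen=20, TLen=52, Flag=S, Seq=1, Ack=0, Win=64240]",
    # Constructed: inbound block from an internet host
    "[FILTER][Block][WAN->LAN, 1:24:02 ][@S:R=13:1, 198.51.100.7:40112->192.168.1.15:22][TCP][HLen=20, TLen=52, Flag=S, Seq=1, Ack=0, Win=64240]",
]

if __name__ == "__main__":
    for hit in find_hairpin_blocks(SAMPLE_LOG, "82.84.24.33", "192.168.1.0/24"):
        print(hit["time"], hit["src"], "->", f'{hit["dst"]}:{hit["dport"]}')
```

Only the entry from post #1 is reported; the ordinary outbound and inbound blocks are ignored.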

29 Mar 2019 12:44 #3 by x64
I have seen this kind of firewall issue (using default block rule) on my 2862 but it seemed to be better on the latest firmware. Ensure that you are on that.

If you are using an IP routed subnet as well as reverse NAT, see my other posts, as there are issues there as well. Sorry I’m posting from a mobile at present and cannot dig out the link myself.

29 Mar 2019 14:00 #4 by guntero
It might be a firmware issue with the default 'block' rule, because when I create 3 new general blocking rules at the end of the rule list (WAN->LAN, LAN->WAN & LAN->LAN), and I set the default rule to 'allow', it is working...
And those 3 rules are working, because logging is enabled on those 3 rules, and they are clearly blocking all kinds of unwanted traffic.