I have a problem I can't seem to comprehend. Here's the thing: I want to have access to a LAN server on 192.168.100.32 from the firewall (192.168.1.100). This network is managed by eth0, and I can (obviously) access any host within that network without problems.

However, I am unable to access it from the WAN interface (192.168.0.254, that is, eth3). Here are the Nmap scan results for each interface.

$ nmap 192.168.100.32 -e eth0 // 443/tcp open https

$ nmap 192.168.100.32 -e eth3 // 443/tcp filtered https

IPTables: 
Chain PREROUTING
DNAT   tcp  --  eth3 any anywhere anywhere  tcp dpt:https  to:192.168.100.32 


Chain POSTROUTING
MASQUERADE  all  --  any    eth0    anywhere             anywhere            
MASQUERADE  all  --  any    eth3    anywhere             anywhere   

$ ip route

  • 192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.1
  • 192.168.0.0/24 dev eth3 proto kernel scope link src 192.168.0.254

The weird thing is that 192.168.100.32 has access and is able to ping both 192.168.0.1 (gateway IP) and 192.168.0.254 (eth3, firewall interface).

I think it could be an ip route issue, but I don't know how to set it up correctly. Any help is appreciated!

1 Answer

The switch / gateway for your WAN interface probably has Hairpinning disabled and is refusing to route LAN traffic to the WAN interface back to the LAN.

  • Indeed, the problem was situated at the gateway level. I reset it and reconfigured it and everything's working fine. @Michael Hampton the masquerade for eth0 was a test. – yudontwork Nov 08 '16 at 14:27