Re: Access server from blocked subnet via external

poisonsnak wrote:

When you enabled port forwarding did you turn on hairpin NAT?  If that is enabled, I think it should be working.

http://serverfault.com/questions/55611/loopback-to-forwarded-public-ip-address-from-local-network-hairpin-nat

If it is not, then I would recommend adding another firewall rule to allow this subnet to subnet traffic.  I have a similar situation and this is what my firewall looks like:

eppj@router# show firewall name lan_separation
 default-action accept
 rule 1 {
     action accept
     description "allow UniFi controller access"
     destination {
         address 192.168.1.60
         port 8080
     }
     log disable
     protocol tcp
     source {
         address 192.168.21.10
     }
     state {
         established enable
         invalid enable
         new enable
         related enable
     }
 }
 rule 3 {
     action drop
     description "deny other LAN access"
     destination {
         address 192.168.0.0/16
     }
     protocol all
 }
[edit]

Yup, Hairpin NAT is enabled. 

I was hoping there was another way than adding another firewall rule for this, since I'll probably forget to remove it when I stop using it.

