
Problem with loopback in NAT setup

petereater1003
150
11-11-2023, 10:23 PM #1

Hello everyone, I'm trying to set up an Active Directory domain in a separate VLAN acting as a DMZ using OpenWRT. I followed a guide that helped me get started. On the DMZ side, I have an IIS server and a public IP address linked via a Registered Domain Name. Ports 80 and 443 are forwarded to the IIS host in OpenWRT. From outside the network, I can reach the site using the domain name, but inside the VLAN/DMZ I can too. However, NAT Loopback isn't working outside that segment even though I enabled it in the firewall rules for the DMZ. I'm wondering if I can turn it on again so users in another VLAN can access the web server using the domain name instead of the hostname. I'd prefer a proper setup rather than creating a host entry. Thanks, Bruno.

Soccerdude0
Member
106
11-13-2023, 05:29 AM #2

In fact, the reverse is true—NAT loopback is considered the less efficient method because it places a heavy load on the router’s CPU. Using a DNS entry to send traffic to the right internal IP address is the better approach.
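The "DNS entry" approach from the reply above, as an added example that is not part of the thread or of OpenWrt itself: a small POSIX sh script that validates a hostname and a private IPv4 address and then installs a split-horizon record in OpenWrt's dnsmasq via UCI, so clients in the other VLANs resolve the public name straight to the DMZ host. The hostname www.example.com and the DMZ address 192.168.20.10 are constructed placeholders; the script assumes the router's dnsmasq is the resolver handed out to those VLANs.

```shell
#!/bin/sh
# Added example (not from the thread or the OpenWrt project): split-horizon DNS
# on an OpenWrt router so hosts in other VLANs resolve the public hostname of the
# DMZ web server to its private address instead of relying on NAT loopback.
# Assumed, constructed values: site www.example.com, IIS host 192.168.20.10.

# Return 0 when $1 is a syntactically valid RFC 1918 (private) IPv4 address.
# The record has to point at the DMZ host's private IP; pointing it at the
# public IP would just send the traffic back through NAT, which is what we avoid.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Return 0 when $1 is a plausible DNS name: lowercase labels, digits, '-', '.'.
# Rejecting anything else also keeps shell metacharacters out of the UCI value.
is_hostname() {
    case "$1" in
        ''|.*|*.|*..*|-*|*[!a-z0-9.-]*) return 1 ;;
    esac
}

# Build the dnsmasq "address" value (/name/ip) after validating both parts.
# Prints the value on stdout; returns 1 and prints nothing on invalid input.
dnsmasq_address_entry() {
    name=$1
    ip=$2
    is_hostname "$name" || return 1
    is_private_ipv4 "$ip" || return 1
    printf '/%s/%s\n' "$name" "$ip"
}

# Print the UCI commands that install the record. The dnsmasq section's
# 'address' option is a list, hence add_list rather than set.
uci_commands() {
    entry=$(dnsmasq_address_entry "$1" "$2") || return 1
    printf '%s\n' \
        "uci add_list dhcp.@dnsmasq[0].address='$entry'" \
        "uci commit dhcp" \
        "/etc/init.d/dnsmasq restart"
}

# On a real OpenWrt box (uci present) apply the commands; elsewhere just show them.
apply_split_dns() {
    if command -v uci >/dev/null 2>&1; then
        uci_commands "$1" "$2" | sh
    else
        uci_commands "$1" "$2"
    fi
}

apply_split_dns www.example.com 192.168.20.10
```

Two things to verify afterwards: a client in the other VLAN should get the private address back from `nslookup www.example.com` (if it does not, that VLAN is not using the router as its resolver), and the firewall must allow forwarding from that VLAN's zone to the DMZ zone on ports 80 and 443, because with split DNS the client now connects to the DMZ host directly through inter-zone routing rather than through the port forward.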

Warplogic
Junior Member
19
11-13-2023, 06:14 AM #3

Thank you. I'll just set up a DNS record.

Bombartia
Senior Member
430
11-13-2023, 07:35 AM #4

I discovered this the tough way. Attempting to send Gigabit over a router not built for it leads to issues. Better go straight to the LAN IP without going through the router.

_DeathTrap_
Member
212
11-30-2023, 08:35 PM #5

Sure, I just completed that. It was simpler for me. Appreciate the help!