XG NAT Loopback question

Using XG v19.0.0

Does a NAT loopback also normally allow access to the internal resource from the internet? I'm trying to understand if I have a serious access issue, or if the following is normal behavior.

1.  I built a web server on a DMZ zone network  

2.  I used the wizard to create a DNAT rule with loopback and reflexive rules to the web server's internal IP.

3.  Created a firewall rule to allow HTTP/HTTPS

4.  Tested access to the webserver from a public IP outside the network (AWS Instance)

5.  Everything worked fine.  I was able to get to the default page of the webserver.

6.  With that confirmed I wanted to kill external access while I continued to work on the website.

7.  I disabled the DNAT rule, but left the loopback and reflexive active.

8.  To my surprise I could still access the webserver from the internet.

9.  I reset the NAT counts and re-enabled the DNAT rule.

10.  With the DNAT rule active it translates traffic from the internet to the server as it is higher in the rule order

11.  When I disable the DNAT rule, the loopback rule (which is directly after the DNAT rule) shows that it is now translating requests from the internet to the webserver.

12.  When I disable both the DNAT and Loopback, I can no longer hit the web server from the internet.

My questions are:

1.  Is this working as intended?

2.  If so, what is the purpose of having two rules (one for DNAT and one for Loopback)?  Why not just have loopback?

I'm still trying to wrap my head around how loopback actually works.  I'm getting stuck on the Source -> MASQ translation; I'm not understanding how the packet gets back to the source if it's translated to the MASQ (WAN) IP.
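The Source -> MASQ translation asked about in the last paragraph, shown as an added simulation that is not code from Sophos or from this thread: a toy connection-tracking firewall applies the loopback DNAT for a client on the server's own segment (the case where a reply addressed straight to the client would never pass the firewall), once with and once without the masquerade. All addresses and ports are constructed; without the masquerade the server answers the client directly from its real address, which is not the address the client connected to, so the reply does not match the connection the client opened.

```python
from dataclasses import dataclass

# Constructed addresses for the simulation (not from the thread).
WAN_IP = "203.0.113.10"       # firewall's public address, what the hostname resolves to
FW_INSIDE_IP = "172.16.1.1"   # firewall's address on the server segment (MASQ source)
SERVER_IP = "172.16.1.20"     # web server's real address
CLIENT_IP = "172.16.1.50"     # internal client on the same segment as the server


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def reverse(p: Packet) -> Packet:
    """The reply a host sends for p: addresses and ports swapped."""
    return Packet(p.dst, p.src, p.dport, p.sport)


class HairpinNat:
    """Toy connection-tracking firewall with a loopback DNAT rule and an
    optional masquerade (SNAT) applied to the same connection."""

    def __init__(self, masquerade: bool) -> None:
        self.masquerade = masquerade
        self.conntrack: dict[Packet, Packet] = {}  # translated -> original

    def forward(self, pkt: Packet) -> Packet:
        """Loopback rule: internal host -> WAN IP becomes host -> server.
        With masquerade the source becomes the firewall's own address
        (a real masquerade may also rewrite the source port; kept as-is here)."""
        if pkt.dst != WAN_IP:
            return pkt
        src = FW_INSIDE_IP if self.masquerade else pkt.src
        translated = Packet(src, SERVER_IP, pkt.sport, pkt.dport)
        self.conntrack[translated] = pkt
        return translated

    def untranslate_reply(self, rep: Packet) -> Packet:
        """Match a reply against conntrack and undo both translations at once."""
        original = self.conntrack.get(reverse(rep))
        return reverse(original) if original else rep


def hairpin_exchange(masquerade: bool) -> tuple[Packet, bool]:
    """Client connects to the WAN IP. Returns the packet the client finally
    receives and whether it matches the connection the client opened."""
    nat = HairpinNat(masquerade)
    request = Packet(CLIENT_IP, WAN_IP, 40000, 443)
    reply = reverse(nat.forward(request))  # the server answers whoever it saw
    if reply.dst == FW_INSIDE_IP:
        received = nat.untranslate_reply(reply)  # reply came back to the firewall
    else:
        received = reply  # same segment: server answers the client directly, bypassing the firewall
    return received, received == reverse(request)
```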
