manual firewall rules for loopback

Pila

Regular Contributor
I have an Asus RT-AC68U. It is double NATted and loopback does not work. Theoretically, this router has no problem with the loopback, so it may be entirely the fault of my router being DoubleNAT. Changing NAT Loopback from Merlin to Asus does nothing. But, all of that is irrelevant. Same as firmware versions.

I need it to work. I may be wrong on multiple claims here, but I hope I am not. Should I not be able to add a rule or two manually to the firewall and achieve the desired loopback result?

Here is the layout:
my e-mail server is at: 192.168.1.91
say my DDNS is: wan.ip

router is 192.168.1.1, its WAN port is 192.168.0.100 (connected to the 192.168.0.1 modem to which my DDNS wan.ip points to)

1) When I am connected outside my LAN, all mail works perfectly using wan.ip (e-mail ports are forwarded). My e-mail server sends / receives all e-mails perfectly fine.

2.1) When I am inside my LAN, trying to connect to wan.ip with any mail related program - "Connection refused"

2.2) When I am inside my LAN, with any mail related program all mail works perfectly using 192.168.1.91 (instead of wan.ip)

So, how do I tell my router's firewall to accept all LAN requests for wan.ip and direct them to the 192.168.1.91?

Editing many local hosts files is not an answer. Using own local DNS server requires changes on each of the computers: could be used, but I would strongly prefer to avoid it. If editing hosts at the router itself would work I would accept that.
 
The hosts file trick works. But you do it on the router.
Create /jffs/config/dnsmasq.conf.add
Then add your server like so:
server/<DDNS domain>/192.168.1.91

server/myserver.ddns.com/IP is an example

Save it and restart dnsmasq with:
service restart_dnsmasq

Now all your clients on your LAN should work with your mail server locally.
 
Excellent, seems exactly what I wanted. Many thanks.

But, funny thing is: while I was testing, switching from Merlin to Asus loopback, no changes were observed. So, I left out working on other things that needed work. Two days later, I tested IMAP server, and suddenly everything worked flawlessly! Even the internal test of my mail server reported All OK.

It would appear that when I was changing NAT Loopback settings and trying them out, they did not "catch up". But, when left alone on Asus settings (and doing other stuff, some testing on port forwarding, but not resetting a router) something got changed and now Asus loopback kicked in and works as advertised on this model: works well!
 
The hosts file trick works. But you do it on the router.
server/<DDNS domain>/192.168.1.91
...
Now all your clients on your LAN should work with your mail server locally.

My router again lost its free memory, and of all apps, dnsmasq was complaining about inability to save data :) After a restart, my above problem naturally returned. Since I did not know how it was fixed previously, now I decided to do a better job.

Your advice gave me the solution, but the syntax was not as you wrote. I had to change the line:

server/<DDNS domain>/192.168.1.91

into:

Code:
address=/<DDNS domain>/192.168.1.91

All other info was spot on, and now it seems to work perfectly. I have left the NAT loopback on Asus, but I do not see it being relevant.

Again, many thanks for providing me with a solution!
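
The fix this thread arrives at, as an added shell example that is not part of any post: it keeps exactly one `address=` override for a name in a dnsmasq add-on file and refuses a target outside RFC 1918 space. The function names `is_private_ipv4` and `set_split_dns` are hypothetical and `mail.example.invalid` is a placeholder for the DDNS name.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# mail.example.invalid is a placeholder for the DDNS name.

# True only for RFC 1918 IPv4 addresses, so the override cannot be pointed
# at an external host by a typo.
is_private_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# set_split_dns FILE DOMAIN IP
# Leaves FILE with exactly one address=/DOMAIN/IP line; other lines are kept.
set_split_dns() {
    conf=$1 domain=$2 ip=$3
    case "$domain" in
        ""|*[!A-Za-z0-9.-]*) echo "bad domain: $domain" >&2; return 2 ;;
    esac
    is_private_ipv4 "$ip" || { echo "not RFC 1918: $ip" >&2; return 3; }
    touch "$conf"
    # Drop any earlier override for this exact domain (literal prefix match).
    awk -v p="address=/$domain/" 'index($0, p) != 1' "$conf" > "$conf.tmp"
    printf 'address=/%s/%s\n' "$domain" "$ip" >> "$conf.tmp"
    mv "$conf.tmp" "$conf"
}

# Demo on a scratch file; on the router the thread's file is
# /jffs/config/dnsmasq.conf.add, followed by: service restart_dnsmasq
demo=$(mktemp)
set_split_dns "$demo" mail.example.invalid 192.168.1.91
set_split_dns "$demo" mail.example.invalid 192.168.1.91  # rerun: still one line
cat "$demo"
rm -f "$demo"
```

An `address=/name/ip` line answers for every subdomain of that name as well, and it only affects clients that resolve through the router's dnsmasq; a device using its own resolver still gets the public address.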
 
I am in a double NAT environment too.
The last time I remember loopback working was in 380.56 or 380.57.

NAT1 (ISP Gateway) 192.168.1.1
NAT2 (Asus Router) 192.168.2.1 (WAN: 192.168.1.2)
192.168.1.2 would take me to the Asus Router login page from NAT2.
 