Internal NAT destination port rule not working

dnat
hairpin

#1

Hi, I’m new to VyOS and replaced my router with a virtual one running it.
I made the following configuration:

interfaces {
    ethernet eth0 {
        address dhcp
        description WAN
        duplex auto
        hw-id 00:0c:29:b9:1d:1d
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 172.16.6.1/24
        description LAN
        hw-id 00:0c:29:b9:1d:27
    }
    loopback lo {
    }
}
nat {
    destination {
        rule 1100 {
            destination {
                port 443
            }
            inbound-interface eth0
            protocol tcp
            translation {
                address 172.16.6.2
                port 443
            }
        }
        rule 1201 {
            destination {
                address (WAN-IP)
                port 9922
            }
            inbound-interface eth0
            protocol tcp
            translation {
                address 172.16.6.138
                port 22
            }
        }
    }
    source {
        rule 1 {
            outbound-interface eth0
            source {
                address 172.16.6.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}

The problem I have is that from outside my network I can access, for example, port 443 with the IP of my WAN, but from within my LAN I cannot.

Any idea why that happens?


#2

NAT Reflection (aka hairpin NAT) examples are available here; scroll to the bottom of the page.


#3

It worked perfectly!
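
Added example, not part of the original posts and not the poster's final configuration: rules 1100 and 1201 in #1 match only `inbound-interface eth0`, so connections from LAN clients, which arrive on eth1, are never translated. The hairpin NAT setup that #2 points to would look roughly like this for the port 443 rule, in the same configuration format as #1. The rule number 1101 and the descriptions are assumptions, and `(WAN-IP)` is the same placeholder used in #1.

```vyos
nat {
    destination {
        /* added example: rule number 1101 is an assumption */
        rule 1101 {
            description "Hairpin: LAN clients to WAN-IP:443"
            destination {
                /* keep the address match: without it every outbound
                   HTTPS connection from the LAN would be redirected */
                address (WAN-IP)
                port 443
            }
            inbound-interface eth1
            protocol tcp
            translation {
                address 172.16.6.2
                port 443
            }
        }
    }
    source {
        /* added example: rule number 1101 is an assumption */
        rule 1101 {
            description "Hairpin: replies return via the router"
            destination {
                address 172.16.6.2
                port 443
            }
            outbound-interface eth1
            protocol tcp
            source {
                address 172.16.6.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
```

Because eth0 gets its address by DHCP, the `(WAN-IP)` match has to be updated whenever the lease changes. With the masquerade rule in place, the server at 172.16.6.2 logs hairpinned LAN connections as coming from the router's LAN address (172.16.6.1) rather than from the real client.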