Wait a minute. I don’t understand. What does it mean to access the server from the internal network? Why set the bridge interface as the inbound interface of DNAT? Why set the bridge interface as the outbound interface of SNAT?
I have a server at home whose IP is 172.16.10.6. I forwarded port 28058 on my WAN (PPPoE). From this part, remote users are able to connect to my server via my WAN IP address without any problem.
I have some computers that I want to get connected to the server via the external IP address even if they are in the same network as the server. I don’t want to specify the internal IP on my client. I want the client to be able to use the external IP (WAN) to get connected to the server.
My client IP is 172.16.10.60
Why did I specify br0? It’s because eth0, eth2 and eth4 are in the bridge.
First of all, I’m not sure I understand your problem, but I think your configuration is wrong.
The configuration of NAT has a certain directionality. The exit of SNAT generally refers to WAN, while the entrance of DNAT generally refers to WAN.
Your topology description is a bit confusing, so I’m not sure where you said the intranet is and where a bunch of servers are located.
When the internal network wants to access the external network area of WAN, it only needs to configure SNAT in the router for source address translation.
When a computer in an external network wants to access an intranet server, it also needs DNAT.
If there are multiple servers in your internal network that need to be exposed to the external network, there are the following situations:
a) Multiple servers use the same port, such as providing web services. In this case, you need to configure DNAT rules. When translating the external address to the destination of the intranet address, you can route to the correct reverse proxy server according to the set rule port. Please note that this requires DNAT port mapping.
b) Multiple servers use different ports. In this case, you need to configure DNAT rules. When translating the external address to the destination of the intranet address, you can route to the correct server according to the set rule port. Please note that this requires DNAT port mapping.
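The case asked about at the top of the thread (a LAN client reaching 172.16.10.6 through the WAN address, often called hairpin NAT or NAT loopback) can be traced with a small model. This is an added Python example, not code from any poster or from the router's software; `WAN_IP` and `ROUTER_LAN` are constructed placeholders, and the model simplifies connection tracking to a single flow.

```python
from dataclasses import dataclass

WAN_IP = "203.0.113.10"     # constructed placeholder for the router's WAN address
ROUTER_LAN = "172.16.10.1"  # assumed router address on br0 (not given in the thread)
SERVER = "172.16.10.6"      # server address from the thread
CLIENT = "172.16.10.60"     # client address from the thread
PORT = 28058                # forwarded port from the thread


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def hairpin_reply(request: Packet, snat_on_bridge: bool) -> Packet:
    """Return the reply exactly as the LAN client receives it."""
    pkt = request
    # DNAT with br0 as inbound interface: the request to the WAN address
    # arrives from the LAN side, so the rule has to match there.
    if pkt.dst == WAN_IP and pkt.dport == PORT:
        pkt = Packet(pkt.src, pkt.sport, SERVER, PORT)
    # SNAT with br0 as outbound interface: the forwarded packet leaves
    # through the bridge again, so its source becomes the router.
    if snat_on_bridge:
        pkt = Packet(ROUTER_LAN, pkt.sport, pkt.dst, pkt.dport)
    # The server answers whatever source address it saw.
    reply = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
    if reply.dst == ROUTER_LAN:
        # The reply passes through the router, which reverses both translations.
        return Packet(request.dst, request.dport, request.src, request.sport)
    # Same subnet: the server delivers straight to the client, bypassing the
    # router, so the source address is never rewritten back to WAN_IP.
    return reply


def client_accepts(request: Packet, reply: Packet) -> bool:
    """A client socket only accepts a reply from the address and port it contacted."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == (
        request.dst, request.dport, request.src, request.sport)


if __name__ == "__main__":
    req = Packet(CLIENT, 40000, WAN_IP, PORT)  # constructed sample request
    for snat in (False, True):
        rep = hairpin_reply(req, snat)
        print(f"SNAT on br0={snat}: reply from {rep.src}, accepted={client_accepts(req, rep)}")
```

With DNAT alone the reply reaches the client from 172.16.10.6 instead of the WAN address and is dropped; adding the SNAT rule on the bridge forces the return path through the router.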