I am new to Ipfire and I am starting to get familiar with it.
I’ve tested pfsense, opnsense, sophos utm and XG, but only Ipfire was 100% compatible with my hardware used.
After testing and experimenting with the firewall, I got stuck with NAT Loopback (accessing a server that is connected to the local network through the public IP of the router). It seems that this is not supported out of the box by Ipfire. So I would like to accomplish this task using iptables.
I am aware of a solution where one can edit a host in Ipfire so that the local dns redirects to the local IP of the server. Unfortunately this solution is only a workaround. In fact it does not work when using different ports on public and local interface for the same service on the server.
As mentioned in the wiki I edited the firewall.local file and added the following two lines in the start area:
# -d takes an address, not an interface name, so read IPFire's current red IP
iptables -t nat -A CUSTOMPREROUTING -i green0 -s 192.168.0.0/24 -d "$(cat /var/ipfire/red/local-ipaddress)" -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.0.60:443
iptables -t nat -A CUSTOMPOSTROUTING -o green0 -s 192.168.0.0/24 -d 192.168.0.60/32 -p tcp -m tcp --dport 443 -j SNAT --to-source 192.168.0.1
and for the stop section:
# flush and zero the custom nat chains on stop
for c in CUSTOMPREROUTING CUSTOMPOSTROUTING; do
iptables -t nat -F $c
iptables -t nat -Z $c
done
In that way the packets sent to the server through its public IP (red0) should be adapted by Ipfire so that they will be routed internally to the server’s local IP. (Server’s IP is 192.168.0.60, Ipfire is 192.168.0.1)
Unfortunately, for every attempt I got a DROP_FORWARD entry in the firewall log.
The default behavior of the firewall is set to block, with few firewall allow rules from outside. Can someone please tell me what exactly needs to be set in the firewall so that the above traffic (and only that one) will be allowed?
Thanks in advance.
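One way to assemble the DNAT/SNAT pair above into a complete start/stop script for firewall.local, with a FORWARD accept scoped to just the hairpinned flow (the DROP_FORWARD log entries point at FORWARD as the missing piece). This is an added example, not code from the original post or from the IPFire project; it assumes IPFire's CUSTOMFORWARD chain (a sibling of the CUSTOMPREROUTING/CUSTOMPOSTROUTING chains used above), the red address file /var/ipfire/red/local-ipaddress, and a DRY_RUN switch that prints rules instead of applying them.

```shell
#!/bin/sh
# Hairpin (NAT loopback) rules for /etc/sysconfig/firewall.local.
# Hypothetical example; addresses follow the post (server .60, IPFire .1).
GREEN_NET="192.168.0.0/24"
GREEN_IP="192.168.0.1"
SERVER_IP="192.168.0.60"
PORT="443"
RED_IP_FILE="/var/ipfire/red/local-ipaddress"   # IPFire's current red address

# Run an iptables command, or just print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

# Public address: from IPFire's file, else $RED_IP (constructed placeholder).
red_ip() {
    if [ -r "$RED_IP_FILE" ]; then cat "$RED_IP_FILE"; else echo "${RED_IP:-203.0.113.10}"; fi
}

loopback_start() {
    red=$(red_ip)
    # 1. Green clients addressed to the public IP are rewritten to the server.
    run iptables -t nat -A CUSTOMPREROUTING -i green0 -s "$GREEN_NET" -d "$red" \
        -p tcp -m tcp --dport "$PORT" -j DNAT --to-destination "$SERVER_IP:$PORT"
    # 2. FORWARD accept for that DNATed flow only (what DROP_FORWARD was blocking).
    run iptables -A CUSTOMFORWARD -i green0 -o green0 -s "$GREEN_NET" -d "$SERVER_IP" \
        -p tcp -m tcp --dport "$PORT" -m conntrack --ctstate DNAT -j ACCEPT
    # 3. SNAT so the server's reply returns via IPFire instead of straight to the client.
    run iptables -t nat -A CUSTOMPOSTROUTING -o green0 -s "$GREEN_NET" -d "$SERVER_IP" \
        -p tcp -m tcp --dport "$PORT" -j SNAT --to-source "$GREEN_IP"
}

loopback_stop() {
    for c in CUSTOMPREROUTING CUSTOMPOSTROUTING; do
        run iptables -t nat -F "$c"
        run iptables -t nat -Z "$c"
    done
    run iptables -F CUSTOMFORWARD
}

case "$1" in
    start)  loopback_start ;;
    stop)   loopback_stop ;;
    reload) loopback_stop; loopback_start ;;
esac
```

Run with `DRY_RUN=1 sh firewall.local start` first to review the exact rules before letting them touch the live tables.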