Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×
Reply
New Member
Posts: 12
Registered: ‎05-01-2016
Accepted Solution

SNAT Loopback (aka Hairpin) Question

So, I've been setting up my new EdgeRouter Lite and figuring out how to do SNAT Loopback.  I feel like maybe there is a simpler way, as I feel like it's a lot of work compared to what I've used in the past (e.g. Endian Firewall, WatchGuard).

 

I've created a "Masquerade for LAN1" (eth1) with source 10.0.1.0/29, destination 10.0.1.0/29, use masquerade and all protocols.  I have then "copied" all my DNAT rules and edited the copy to append to the name "(MASQ)" and change the incoming port from pppoe0 to other -> eth+  ... save.

 

Is this the process or is there a simpler way of doing this?  I've read in some posts that since v1.4 it's as simple as a "checkbox" ... where is this elusive checkbox that would save me all this time?  LOL

 

I see one on the port forwarding tab, but not really sure what that tab is even for?  Is it a simplified version of DNAT where only 1 public IP is used?

 

Anyways, thought I would ask the question in case there is some quicker way (as I just duplicated 20 DNATs LOL).

 

Thanks in advance!

M.


Accepted Solutions
Senior Member
Posts: 4,294
Registered: ‎03-24-2016
Kudos: 1201
Solutions: 503

Re: SNAT Loopback (aka Hairpin) Question

In simple setups (single LAN , single WAN IP) the portmap tab works fine. Configuring hairpin is done by just setting the checkbox.

 

If you do manual NAT rules, it takes 3 rules for a single hairpinned portmap.  (2xDNAT 1xSNAT)

View solution in original post


All Replies
Senior Member
Posts: 4,294
Registered: ‎03-24-2016
Kudos: 1201
Solutions: 503

Re: SNAT Loopback (aka Hairpin) Question

In simple setups (single LAN , single WAN IP) the portmap tab works fine. Configuring hairpin is done by just setting the checkbox.

 

If you do manual NAT rules, it takes 3 rules for a single hairpinned portmap.  (2xDNAT 1xSNAT)

Reply