Member
Posts: 144
Registered: ‎02-09-2016
Kudos: 24
Solutions: 1

Re: USG and CTF/hairpin/Loopback?

No, it is not the WAN IP (I wouldn't publish that); it is the IP for a mobile-oriented website cued by QR codes and NFC tags onsite that needs redirecting to different local webserver ports dependent upon SSID/network.

Member

Re: USG and CTF/hairpin/Loopback?

@UBNT-cmb considering "there's not much to it", it seems impossible to get any help with this. I need a fix desperately - I have 11 staff and 10,000 students using this redirection.

Member

Re: USG and CTF/hairpin/Loopback?

@UBNT-cmb it would be nice to know if you are consulting about this? Have given up on it? It can't be done?

I have tried repeatedly to get assistance and UniFi are seriously letting me down here.

Regular Member
Posts: 752
Registered: ‎12-05-2016
Kudos: 243
Solutions: 78

Re: USG and NAT/hairpin/Loopback?

Seems to me like split DNS would solve this. Internal DNS returns internal IP, external returns external.

Cain Tech Solutions | Hosted UniFi/UNMS | Other Services | Service Eastern NC and more!

Member

Re: USG and NAT/hairpin/Loopback?

I need port differentiation based on SSID - assuming that it is even possible to specify port through DNS, wouldn't that require 4 individual DNS servers?

Member

Re: USG and NAT/hairpin/Loopback?

Gee thanks UniFi, your wonderful support makes life so easy - it's enough to send me back to MikroTik, where their staff do actually know the hardware they sell and how to use it.

 

I'm now writing a solution to the "there's nothing to it really" problem I've been having:

{
 "firewall": {
  "name": {
   "LAN_OUT": {
    "default-action": "accept",
    "description": "packets from LAN/OranaNet",
    "rule": {
     "6001": {
      "action": "accept",
      "description": "LAN to Webserver",
      "source": {
       "address": "192.168.1.0/24"
      },
      "destination": {
       "address": "138.128.191.146"
      },
      "inside-address": {
       "address": "192.168.1.110"
      },
      "inside-address": {
       "port": "802"
      }
     }

    }
   },
   "GUEST_OUT": {
    "default-action": "accept",
    "description": "packets from Guest networks",
    "rule": {
     "6002": {
      "action": "accept",
      "description": "OranaWiFi to Webserver",
      "source": {
       "address": "192.168.10.0/24"
      },
      "destination": {
       "address": "138.128.191.146"
      },
      "inside-address": {
       "address": "192.168.1.110"
      },
      "inside-address": {
       "port": "802"
      }
     },
     "6003": {
      "action": "accept",
      "description": "SchoolWiFi1 to Webserver",
      "source": {
       "address": "192.168.20.0/24"
      },
      "destination": {
       "address": "138.128.191.146"
      },
      "inside-address": {
       "address": "192.168.1.110"
      },
      "inside-address": {
       "port": "803"
      }
     },
     "6004": {
      "action": "accept",
      "description": "SchoolWiFi2 to Webserver",
      "source": {
       "address": "192.168.30.0/24"
      },
      "destination": {
       "address": "138.128.191.146"
      },
      "inside-address": {
       "address": "192.168.1.110"
      },
      "inside-address": {
       "port": "804"
      }
     }

    },
    "service": {
     "nat": {
      "rule": {
       "5010": {
        "description": "Masquerade for WAN",
        "outbound-interface": "eth0",
        "type": "masquerade"
       }
      }
     }
    }
   }
  }
 }
}

 

So;

Are the rule numbers correct?

Will this "merge" with my configuration from the UniFi controller?

       Or will it "update"?

Will it perform the desired task?

Reply
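A lint pass over a config of the shape posted above, as an added example that is not part of the thread and not Ubiquiti tooling: it flags repeated keys (a JSON parser keeps only the last "inside-address" and silently drops the first) and keys sitting in the wrong section. The function name lint_gateway_json and the two placement rules are assumptions encoded here ("service" as a top-level section, "inside-address" as a NAT-rule key rather than a firewall-rule key); SAMPLE is constructed from the posted rule 6003.

```python
import json

# Constructed sample: trimmed from the config shape posted in the thread.
SAMPLE = """
{
 "firewall": {"name": {"GUEST_OUT": {
   "default-action": "accept",
   "rule": {"6003": {
     "action": "accept",
     "destination": {"address": "138.128.191.146"},
     "inside-address": {"address": "192.168.1.110"},
     "inside-address": {"port": "803"}
   }},
   "service": {"nat": {"rule": {"5010": {"type": "masquerade"}}}}
 }}}
}
"""

def lint_gateway_json(text):
    """Return a list of findings for a config.gateway.json document."""
    findings = []
    def pairs_hook(pairs):
        # json.loads keeps only the last duplicate key; record what is lost.
        seen = set()
        for key, _ in pairs:
            if key in seen:
                findings.append(f"duplicate key '{key}': earlier value is discarded")
            seen.add(key)
        return dict(pairs)

    tree = json.loads(text, object_pairs_hook=pairs_hook)
    def walk(node, path):
        if not isinstance(node, dict):
            return
        for key, child in node.items():
            # Assumption: "service" is a top-level section of the config tree.
            if key == "service" and path:
                findings.append(f"'service' nested under {'/'.join(path)}")
            # Assumption: "inside-address" is a NAT-rule key, not a firewall-rule key.
            if key == "inside-address" and path[:1] == ("firewall",):
                findings.append(f"'inside-address' in firewall rule {'/'.join(path)}")
            walk(child, path + (key,))

    walk(tree, ())
    return findings

if __name__ == "__main__":
    for finding in lint_gateway_json(SAMPLE):
        print(finding)
```
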