I would like my "dmz"-connected visitors to be able to access services by their global DNS IP (wan) that are redirected to another zone, let's say "lan".
- OpenWrt wan - 12.23.34.45
- client is sitting in dmz - 192.168.2.101
- httpd is in lan - 192.168.1.2, configured for vhost someservice.net (resolves to 12.23.34.45)
Now the dmz guy tries to access someservice.net with his browser and therefore will try to connect to 12.23.34.45:80, which in my imagination should go through the wan zone, then get redirected back to lan.
Somewhere along the chains OpenWrt blocks this, because this connection does not succeed.
My traffic control configuration currently looks like this:
- lan -> wan
- dmz -> wan
- lan -> vpn
- lan -> dmz
Any pointers welcome!
This particular scenario was an OpenWrt NAT loopback configuration issue. Looking at the changelog, this was implemented in the base system in /etc/hotplug.d/firewall/10-nat-reflection only starting from 10.03.1-rc4 (which I am running), but LuCI 0.9 is only able to assign redirects into the "lan" zone. According to an OpenWrt developer, LuCI 0.10 will be able to assign redirects to other zones as well. For now, doing a manual redirect in /etc/config/firewall with "option dest dmz" will achieve the desired result.
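As an added illustration (not from this thread or from the OpenWrt project), here is what such a manual /etc/config/firewall redirect could look like for the exact addresses in the question. The answer mentions `option dest dmz`; for the layout described (client in dmz, httpd in lan) this example assumes `src` is the zone the client sits in and `dest` the zone the server sits in, and that the `redirect` option names below match the firewall syntax of that release.

```uci
# Added example: hairpin (NAT loopback) for a dmz client reaching the
# lan httpd via the public wan address. Addresses are the ones from the
# question; the rule name is made up.
config redirect
    option name      'reflect-http-dmz'
    option src       'dmz'           # zone of the client, 192.168.2.101
    option src_dip   '12.23.34.45'   # public wan address the client connects to
    option src_dport '80'
    option proto     'tcp'
    option dest      'lan'           # zone of the httpd, 192.168.1.2
    option dest_ip   '192.168.1.2'   # rewrite the destination to the real server
    option dest_port '80'
    option target    'DNAT'
```

Because dmz and lan are separate subnets, the httpd's replies to 192.168.2.101 already return through the router, so conntrack reverses the DNAT without an extra SNAT rule; matching only this one wan address and port keeps the loopback narrow instead of reflecting every port forward into the dmz.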