D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: bbain on May 06, 2016, 05:26:27 AM

Title: nat hairpin/loopback/reflection
Post by: bbain on May 06, 2016, 05:26:27 AM
I have seen several references here to this, and 1 post that actually attempts to give some config examples, but no definitive answers.

I commissioned a dfl-260e yesterday, everything went well except for smartphone access to exchange from the internal lan.  Because of some quirks in the configuration that I inherited from a previous tech, the phones are all set up with the public IP (wanIP) as the server address to access the mail server.  This works fantastic outside the lan, but needs the nat loopback inside the lan.

I followed this http://forums.dlink.com/index.php?topic=7444.0 but something is missing as it does not work.

Thanks for any help you can provide.
Title: Re: nat hairpin/loopback/reflection
Post by: FurryNutz on May 06, 2016, 07:00:28 AM
Link>Welcome! (http://forums.dlink.com/index.php?topic=48135.0)

Title: Re: nat hairpin/loopback/reflection
Post by: bbain on May 06, 2016, 07:25:34 AM
HW rev is A I do believe (it is at a remote location and I can't put my eyes on it at the moment)

FW 10.21.02.01

I am in North America.
Title: Re: nat hairpin/loopback/reflection
Post by: Rara Avis on May 07, 2016, 09:46:15 AM
With the new UI, you can skip the whole confusing 2-rule process and just add one policy and hairpinning will "just work". If you survived the IP rule procedure it should be straightforward, just disable your old rules and add a policy instead.

In case anyone needs to know the old process, the problem with hairpinning is that you either have to NAT the source address (and probably only want to do that for internally sourced traffic if any) or you will violate the IP Access rules.  This means you usually use three IP rules or play around with access rules.

(http://i.imgur.com/ykeJNsh.png)
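
The reason hairpinning needs source NAT, as an added example that is not part of the original thread or D-Link's configuration: a small model of the generic return-path problem, with and without source NAT. All addresses are constructed (documentation ranges), the function names are hypothetical, and the NetDefend access-rule check itself is not modelled.

```python
# Constructed addresses, not taken from the thread.
WAN_IP = "203.0.113.10"   # public address the phones are configured with
SERVER = "192.168.1.20"   # internal mail server
CLIENT = "192.168.1.50"   # phone on the same LAN as the server
FW_LAN = "192.168.1.1"    # firewall's LAN interface address


def firewall_forward(pkt, snat):
    """Translate a LAN packet aimed at WAN_IP; return new packet and state."""
    src, dst = pkt
    state = {"orig": (src, dst)}
    if dst == WAN_IP:
        dst = SERVER          # destination NAT to the internal server
    if snat:
        src = FW_LAN          # source NAT so the reply must come back here
    return (src, dst), state


def server_reply(pkt):
    """The server answers whatever source address it saw."""
    src, dst = pkt
    return (dst, src)


def deliver_reply(reply, state):
    """Return the reply as the client finally sees it."""
    _, dst = reply
    if dst == FW_LAN:
        # Reply returns through the firewall, which undoes both translations.
        orig_src, orig_dst = state["orig"]
        return (orig_dst, orig_src)
    # Reply is addressed to the client on the same subnet, so the server
    # sends it directly and the firewall never rewrites the source.
    return reply


def hairpin(snat):
    """Run one request/reply; return (packet seen by client, accepted?)."""
    sent = (CLIENT, WAN_IP)
    fwd, state = firewall_forward(sent, snat)
    received = deliver_reply(server_reply(fwd), state)
    accepted = received == (sent[1], sent[0])  # must come from WAN_IP
    return received, accepted


if __name__ == "__main__":
    for snat in (False, True):
        print("source NAT:", snat, "->", hairpin(snat))
```

With source NAT enabled, the mail server sees every internal client as the firewall's LAN address, so its access logs no longer identify individual phones.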
Title: Re: nat hairpin/loopback/reflection
Post by: bbain on May 12, 2016, 11:48:32 AM
What is the source you have in there? Wan_lan?  I don't see that.  Is it a group of some sort? I tried using the WanIp and the LanIP and neither worked.

I have the phones working internally now using split horizon DNS but that breaks something else (but that issue is minor, I can live with it temporarily)
Title: Re: nat hairpin/loopback/reflection
Post by: FurryNutz on June 01, 2016, 07:01:57 AM
Any status on this?  ???
Title: Re: nat hairpin/loopback/reflection
Post by: bbain on October 20, 2016, 10:01:21 AM
Any status on this?  ???

I gave up on the nat hairpin/loopback/reflection as it was taking too much time to sort out.

I went with split horizon DNS and fixed the minor problem it caused and things have been humming along without a problem for a couple months.
Title: Re: nat hairpin/loopback/reflection
Post by: FurryNutz on October 20, 2016, 10:07:18 AM
Thanks for letting us know.

 ;)