I know this question exists in a dozen forms already but most were about commercial wifi routers etc.
I have an Ubuntu 20.04 LTS box with a bunch of interfaces set up as a firewall/NAT box, one of the interfaces is a WAN interface.
I have a bunch of port forwards on the WAN interface (enp4s0f0) to different internal hosts, rules like these (btw all rules below are on the "nat" chain):
-A PREROUTING -i enp4s0f0 -p tcp -m tcp --dport 8181 -j DNAT --to-destination 10.0.0.50:22
(forwards incoming WAN connections at port 8181 to the host 10.0.0.50, ssh port)
But if I'm on an internal host I also want to be able to reach this port forward without going explicitly to the other internal host, for example I have a DNS that already points to the WAN IP. "Out of the box" this doesn't work (I guess because of the explicit interface specification of the WAN if), so I've tried adding stuff to iptables but neither of the two extra rules I added seem to work:
-A PREROUTING -d -p tcp --dport 8181 -j DNAT --to-destination 10.0.0.50:22
-A PREROUTING -i enp3s0f0 -p tcp --dport 8181 -j DNAT --to-destination 10.0.0.50:22
(enp3s0f0 is the LAN interface on the internal network)
I guess I'm missing some simple magic here.
Would be cool to have a "catch all" rule that would make all packets originating from the internal LAN destined for the WAN interface end up there before the WAN=>LAN port forwarding rules take place, then I wouldn't have to worry about setting up new matching extra rules whenever I add a WAN port forward.
UPDATE: maybe my original port forwarding rule should be changed, the one that now explicitly specifies the WAN eth interface name. I got this setup from numerous tutorials and it works fine for external clients.
enp3s0f0 interface or are they on different LAN interfaces? In all those questions, the real cause is not exactly "LAN vs WAN" – more precisely it is "client & server are in the same subnet". Does that apply to your situation?
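The following is an added example, not part of the question or the comment above, that puts together the rule set usually called hairpin (or NAT loopback) for the forward described in the question. Two things change compared with the original rule: the DNAT matches on the destination address instead of "-i enp4s0f0", so it fires for packets coming from the LAN as well, and one POSTROUTING rule rewrites the source of every DNATed LAN-to-LAN connection to the firewall's own LAN address. Without that second rule the internal host answers the client directly (same subnet, no router in between), the client sees a reply from 10.0.0.50 instead of the WAN IP and resets the connection; that is the "client & server are in the same subnet" cause the comment refers to. Interface names and the internal host are taken from the question; the WAN address 203.0.113.10 and the LAN subnet 10.0.0.0/24 are assumed placeholders and must be replaced. The script only prints the commands unless run with "apply".

```shell
#!/bin/sh
# Added example (not from the original post): hairpin NAT for the port
# forward in the question. Replace the assumed WAN_IP / LAN_NET values.
WAN_IF=enp4s0f0        # from the question
LAN_IF=enp3s0f0        # from the question
WAN_IP=203.0.113.10    # assumed placeholder (TEST-NET-3), use the real WAN address
LAN_NET=10.0.0.0/24    # assumed, the subnet that contains 10.0.0.50

# One DNAT rule per forward: WAN_PORT -> DEST_IP:DEST_PORT.
# Matching on "-d $WAN_IP" instead of "-i $WAN_IF" means the same rule
# handles connections arriving from the LAN side, no second rule needed.
dnat_rule() {
    printf 'iptables -t nat -A PREROUTING -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$WAN_IP" "$1" "$2" "$3"
}

# The catch-all the question asks for: every connection that was DNATed and
# is now going from the LAN back into the LAN gets its source rewritten to
# the firewall's LAN address, so the server replies via the firewall rather
# than straight to the client. Covers every current and future forward.
hairpin_rule() {
    printf 'iptables -t nat -A POSTROUTING -s %s -d %s -m conntrack --ctstate DNAT -j MASQUERADE\n' \
        "$LAN_NET" "$LAN_NET"
}

# Only needed when the filter FORWARD policy is DROP: hairpinned packets enter
# and leave on the same LAN interface and must be allowed through.
forward_rule() {
    printf 'iptables -A FORWARD -i %s -o %s -m conntrack --ctstate DNAT -j ACCEPT\n' \
        "$LAN_IF" "$LAN_IF"
}

# Complete rule set as text: review it, then pipe it to "sh" as root.
ruleset() {
    dnat_rule 8181 10.0.0.50 22
    hairpin_rule
    forward_rule
}

# Sanity check on the live box: the byte/packet counters of the hairpin rule
# must move when a LAN client connects to WAN_IP:8181.
check_hairpin() {
    iptables -t nat -L POSTROUTING -v -n | grep 'ctstate DNAT'
}

if [ "${1:-}" = "apply" ]; then
    ruleset | sh
else
    ruleset
fi
```

If the WAN address is dynamic, "-m addrtype --dst-type LOCAL" can replace "-d $WAN_IP" in the DNAT rule so the match follows whatever address the box currently holds. The price of the MASQUERADE rule is that the internal server sees all hairpinned connections as coming from the firewall's LAN IP, so its own logs and any source-based access control on it lose the real client address; external clients are unaffected because their packets do not match "-s $LAN_NET".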