x64 wrote:
From my experience with a 2862.I've had significant issues some of which involve NAT loopback.
Consider the following possibilities.
Default firewall rule set to BLOCK might affect reverse NAT include NAT loopback I found that I'ls impossible to write a rule to 're-allow' the traffic. (This WAS an issue for me in 2.8.9.2_BT- not sure if it was fixed in 3.8.9.3_BT). In the 2862 this does seem better in 3.9.0_BT. I worked around this by leaving the rule to allow and writing explicit f/w rules to block other traffic (in addition of course to rules to allow the traffic I wanted to pass)
Interaction of Use of multiple external IP addresses, IP Aliases to support them, and IP routed subnet (to a separate network LAN definition), alongside 'normal' NAT. The underlying issue remains even to 3.9.0_BT on the 2862. With the IP routed subnet configuration, NAT loopback from a device behind NAT on the default IP could not access a device published behind reverse NAT on an alias.
Okay, well that made some difference as you said I changed the default rule to pass, and then WAN > LAN Block if not further matches with all my allow rules below.
LOOPBACK now works for the main WAN IP Address but as you say not for any of the VIP's regardless of weather they are in the nat pool or not, is this the point at which I raise a support request with draytek? this was an expensive router that can not do something most basic models can do, really makes me mad.
