Phil
EdgeOS intercepts HTTP request instead of following NAT

Working with an ER Pro8 Ubiquiti edge router.

Have 13 public IP addresses, have added 3 to our WAN eth0 port.

One of them, 100.36.x.77 is the public IP for a new mail server I'm provisioning.

Port 80 requests inbound to that address are being misinterpreted as "WAN Local" traffic and I get the login for the EdgeRouter instead of the Debian 9 Apache response from the internal server.

This is my first EdgeRouter and I'm at a loss after playing with this for several hours with no change in response.

I have two separate servers behind the router, both on eth1:
192.168.2.8 is my domain controller
192.168.2.2 is the new mail server I'm trying to provision.
192.168.2.0/25 is the subnet on eth1 (a 48-port Ubiquiti switch)

192.168.2.128/25 is the subnet on eth2 (a separate 24-port Ubiquiti switch)

Port 80 traffic seems to stop at the eth0 WAN interface.

External traffic to 100.36.x.77 is the destination that's being intercepted by the EdgeOS software. There are Destination NAT entries to translate inbound traffic on 100.36.x.77 to 192.168.2.2. I just created separate rules for ports 80 and 443 per this post:

https://help.ubnt.com/hc/en-us/articles/204952134-EdgeMAX-NAT-Hairpin-Nat-Inside-to-Inside-Loopback-Reflection-

This seems to imply that inbound traffic at the WAN port needs a separate NAT rule at the eth1 port to "catch" the traffic captured by the WAN eth0 port.

I am modifying a configuration that started with the WAN+2LAN(2?) auto configuration.  

This is my first question on Experts Exchange and I am most grateful for any suggestions.  I was hired as an expert on "Everything" and I am indebted to Experts Exchange for the many useful posts I have previously found on a variety of subjects.

If you need CLI info please provide the commands necessary and I'll pull whatever you need.

Thanks a bunch,

Phil
Routers
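
An added example, not part of the original post and not EdgeOS code: a small Python model of the order in which a Linux-based router handles an inbound packet (destination NAT first, then the local-versus-forward routing decision), showing how a port 80 request whose DNAT rule does not match is delivered to the router itself and answered by its web login. The 203.0.113.x addresses and the names `Packet`, `DnatRule` and `classify` are constructed for illustration, and the four match fields are a simplification of a real NAT rule.

```python
"""Model: destination NAT is evaluated before the routing decision."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    in_iface: str
    proto: str
    dst: str
    dport: int

@dataclass(frozen=True)
class DnatRule:
    number: int
    in_iface: str   # interface the packet must ARRIVE on
    proto: str
    dst: str        # public address being translated
    dport: int
    inside: str     # internal address the destination is rewritten to

    def mismatches(self, pkt):
        """Names of the fields on which this rule fails to match the packet."""
        fields = ("in_iface", "proto", "dst", "dport")
        return [f for f in fields if getattr(self, f) != getattr(pkt, f)]

def classify(pkt, rules, router_addrs):
    """Return (path, final_destination, matched_rule_or_None, notes)."""
    dst, hit, notes = pkt.dst, None, []
    for rule in sorted(rules, key=lambda r: r.number):
        bad = rule.mismatches(pkt)
        if not bad:
            dst, hit = rule.inside, rule.number  # first matching rule wins
            break
        notes.append(f"rule {rule.number}: no match on {', '.join(bad)}")
    # Routing decision happens on the (possibly rewritten) destination:
    # an address the router owns goes to local services (the "WAN Local"
    # path, where the management GUI listens); anything else is forwarded.
    path = "local" if dst in router_addrs else "forward"
    return path, dst, hit, notes

# Constructed sample data (documentation range, not the poster's addresses).
WAN_ADDRS = {"203.0.113.75", "203.0.113.76", "203.0.113.77"}
HTTP_IN = Packet("eth0", "tcp", "203.0.113.77", 80)
RULE_ON_WAN = DnatRule(1, "eth0", "tcp", "203.0.113.77", 80, "192.168.2.2")
RULE_ON_LAN = DnatRule(2, "eth1", "tcp", "203.0.113.77", 80, "192.168.2.2")

if __name__ == "__main__":
    for rules in ([RULE_ON_WAN], [RULE_ON_LAN]):
        print(classify(HTTP_IN, rules, WAN_ADDRS))
```

In the model, a rule that matches on the arrival interface sends the request on to 192.168.2.2, while the same rule bound to a different interface leaves the destination untranslated, so the packet is treated as traffic for the router.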

Last Comment
Phil

8/22/2022 - Mon