Robin Gruyters

Hairpin NAT not working on 1490 with R77.20.70

Discussion created by Robin Gruyters on Nov 27, 2017
Latest reply on Nov 29, 2017 by Hugo van der Kooij

I need to configure a hairpin NAT on my gateway to allow Sonos to connect to the internal Plex server.

 

I have defined a server in the Firewall -> Servers section and configured it with the option "Force translated traffic to return to the gateway", which stated "Allows access from internal networks to the external IP address of the server via local switch".

 

 

When sending traffic I can see that the gateway is allowing the traffic to pass, but it sends a reset back.

 

[vs_0][fw_2] LAN1:i[64]: 172.31.13.79 -> 178.84.193.195 (TCP) len=64 id=0
TCP: 62339 -> 56789 .S.... seq=5b68c0d2 ack=00000000
[vs_0][fw_2] LAN1:I[64]: 172.31.13.79 -> 178.84.193.195 (TCP) len=64 id=0
TCP: 62339 -> 56789 .S.... seq=5b68c0d2 ack=00000000
[vs_0][fw_2] LAN1:i[64]: 172.31.13.79 -> 178.84.193.195 (TCP) len=64 id=0
TCP: 62340 -> 56789 .S.... seq=1fbd82fb ack=00000000
[vs_0][fw_2] LAN1:I[64]: 172.31.13.79 -> 178.84.193.195 (TCP) len=64 id=0
TCP: 62340 -> 56789 .S.... seq=1fbd82fb ack=00000000
[vs_0][fw_2] LAN1:o[40]: 178.84.193.195 -> 172.31.13.79 (TCP) len=40 id=14750
TCP: 56789 -> 62339 ..R.A. seq=00000000 ack=5b68c0d3
[vs_0][fw_2] LAN1:O[40]: 178.84.193.195 -> 172.31.13.79 (TCP) len=40 id=14750
TCP: 56789 -> 62339 ..R.A. seq=00000000 ack=5b68c0d3
[vs_0][fw_2] LAN1:o[40]: 178.84.193.195 -> 172.31.13.79 (TCP) len=40 id=14751
TCP: 56789 -> 62340 ..R.A. seq=00000000 ack=1fbd82fc
[vs_0][fw_2] LAN1:O[40]: 178.84.193.195 -> 172.31.13.79 (TCP) len=40 id=14751
TCP: 56789 -> 62340 ..R.A. seq=00000000 ack=1fbd82fc

The logging shows that all translated info is zero. (see attachment)

How can I get this to work?
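
One way to read the capture above mechanically, as an added example that is not part of the original post: it pairs each SYN across the fw monitor inspection points (i/I are before/after inbound inspection, o/O before/after outbound), checks whether the address tuple was rewritten anywhere, and identifies which address sent the reset. The names `CAPTURE`, `parse` and `analyse` are hypothetical, and the sample is an excerpt of the post's own output for one of the two connections.

```python
import re

# Excerpt of the fw monitor capture quoted in the post (one of the two connections).
CAPTURE = """\
[vs_0][fw_2] LAN1:i[64]: 172.31.13.79 -> 178.84.193.195 (TCP) len=64 id=0
TCP: 62339 -> 56789 .S.... seq=5b68c0d2 ack=00000000
[vs_0][fw_2] LAN1:I[64]: 172.31.13.79 -> 178.84.193.195 (TCP) len=64 id=0
TCP: 62339 -> 56789 .S.... seq=5b68c0d2 ack=00000000
[vs_0][fw_2] LAN1:o[40]: 178.84.193.195 -> 172.31.13.79 (TCP) len=40 id=14750
TCP: 56789 -> 62339 ..R.A. seq=00000000 ack=5b68c0d3
[vs_0][fw_2] LAN1:O[40]: 178.84.193.195 -> 172.31.13.79 (TCP) len=40 id=14750
TCP: 56789 -> 62339 ..R.A. seq=00000000 ack=5b68c0d3
"""

HDR = re.compile(r"\[vs_\d+\]\[fw_\d+\] (\S+):([iIoO])\[\d+\]: (\S+) -> (\S+) \(TCP\)")
TCP = re.compile(r"TCP: (\d+) -> (\d+) (\S+) seq=([0-9a-f]+) ack=([0-9a-f]+)")

def parse(text):
    """Yield one dict per packet from two-line fw monitor records."""
    hdr = None
    for line in text.splitlines():
        h, t = HDR.match(line.strip()), TCP.match(line.strip())
        if h:
            hdr = h.groups()
        elif t and hdr:
            iface, point, src, dst = hdr
            sport, dport, flags, seq, ack = t.groups()
            yield dict(iface=iface, point=point, src=src, dst=dst, sport=int(sport),
                       dport=int(dport), flags=flags, seq=int(seq, 16), ack=int(ack, 16))
            hdr = None

def analyse(text):
    """Per SYN: where it was seen, whether its tuple changed, and who reset it."""
    pkts = list(parse(text))
    report = {}
    for p in pkts:
        if "S" in p["flags"] and "A" not in p["flags"]:
            r = report.setdefault(p["seq"], dict(points=[], tuples=set(), reset_by=None))
            r["points"].append(p["point"])
            r["tuples"].add((p["src"], p["sport"], p["dst"], p["dport"]))
    for p in pkts:
        syn = report.get((p["ack"] - 1) & 0xFFFFFFFF)  # RST acks SYN seq + 1
        if "R" in p["flags"] and syn is not None:
            syn["reset_by"] = p["src"]
    for r in report.values():
        r["translated"] = len(r["tuples"]) > 1         # tuple rewritten between points
        r["left_gateway"] = "o" in r["points"] or "O" in r["points"]
    return report

if __name__ == "__main__":
    for seq, r in analyse(CAPTURE).items():
        print(f"SYN seq={seq:08x}: {r}")
```

For this capture the SYN appears only at `i` and `I` with an unchanged destination, never at `o`/`O`, and the reset comes from 178.84.193.195 itself, which matches the log showing no translated fields.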
