Hairpin NAT, VLAN, firewall rules

Suppose you have this setup:

  • untagged LAN
  • VLAN (with inter-VLAN communication enabled)
  • Firewall rule preventing VLAN to LAN connection

What should happen if you are on the VLAN, and connect to a public IP address which is port-forwarded back to a server on your LAN?

  1. The connection should succeed: the logic is that with Hairpin NAT, the Peplink router will treat this connection as if it were coming from the public WAN, and since the WAN is allowed to connect, this connection should be allowed.
  2. The connection fails: even though the public WAN can access this port, the firewall rule says “VLAN may not access LAN” and so it fails.

It seems as if #2 is the current behavior.

Any opinions as to what is “correct” in this case?
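
The two outcomes in the question, as a toy model added here for illustration; it is not part of the original post and not Peplink's implementation. Zone names, addresses and the rule table are constructed assumptions. The `hairpin_as_wan` flag switches between option 1 and option 2, and the last call shows the same VLAN host reaching the LAN server directly for comparison.

```python
# Added illustration: toy model of the two evaluation orders, not Peplink's code.
# All addresses, zone names and rules below are constructed for the example.
from ipaddress import ip_address, ip_network

ZONES = {"LAN": ip_network("192.168.1.0/24"), "VLAN": ip_network("192.168.10.0/24")}
# Port forward: public IP and port -> server on the untagged LAN.
PORT_FORWARDS = {(ip_address("203.0.113.10"), 443): (ip_address("192.168.1.50"), 443)}
# Inter-zone rules, first match wins; default allow (inter-VLAN routing enabled).
INTERNAL_RULES = [("VLAN", "LAN", "deny")]


def zone_of(addr):
    """Return the internal zone containing addr, or 'WAN' if none does."""
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "WAN"


def internal_verdict(src_zone, dst_zone):
    """Apply the inter-zone rule table to a (source zone, destination zone) pair."""
    for rule_src, rule_dst, action in INTERNAL_RULES:
        if (rule_src, rule_dst) == (src_zone, dst_zone):
            return action
    return "allow"


def evaluate(src, dst, dport, hairpin_as_wan):
    """Decide a connection from src to dst:dport.

    hairpin_as_wan=True  -> option 1: hairpinned traffic is judged like WAN inbound.
    hairpin_as_wan=False -> option 2: rules see the real source zone and the
                            destination after the port forward is applied.
    """
    src, dst = ip_address(src), ip_address(dst)
    forward = PORT_FORWARDS.get((dst, dport))
    if forward is None:
        # No port forward involved: plain routed traffic between zones.
        return internal_verdict(zone_of(src), zone_of(dst))
    real_dst, _ = forward
    if zone_of(src) == "WAN" or hairpin_as_wan:
        return "allow"  # the port forward itself permits inbound WAN traffic
    return internal_verdict(zone_of(src), zone_of(real_dst))


if __name__ == "__main__":
    vlan_host = "192.168.10.20"
    print("option 1:", evaluate(vlan_host, "203.0.113.10", 443, True))   # allow
    print("option 2:", evaluate(vlan_host, "203.0.113.10", 443, False))  # deny
    print("direct  :", evaluate(vlan_host, "192.168.1.50", 443, True))   # deny
```

Under option 1 the same VLAN host is denied on the direct path but allowed through the public address, so the VLAN-to-LAN rule no longer holds for any forwarded port.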