This is kind of a theoretical question.
I have WAN1 and WAN2. WAN2 has NAT.
WAN1 has some public IP addresses with DNS, and selected public ports are forwarded to internal LAN IPs.
There’s an internal firewall rule saying to block packets from LAN2 to LAN1.
Here’s the weird thing:
- if LAN2 makes an attempt to access one of the public servers on WAN1, it is blocked.
I suspect what’s happening is that hairpin NAT is operating, and the Peplink realizes “hey, that public IP address is forwarding from an IP on WAN1 to a LAN1 IP, so I’ll just shortcut and route directly from LAN2 to LAN1.”
Then it says “But I have a firewall rule saying LAN2 may not access LAN1, so I will block it”.
This is definitely an edge case. What’s the “right” thing to do in this situation?