This is kind of a theoretical question.
I have WAN1 and WAN2. WAN2 has NAT.
- WAN1 has some public IP addresses with DNS, and selected public ports are forwarded to internal LAN IPs.
- There’s an Internal firewall rule saying to block packets from LAN2 to LAN1.
Here’s the weird thing:
- If LAN2 makes an attempt to access one of the public servers on WAN1, it is blocked.
I suspect what’s happening is that hairpin NAT is operating, and the Peplink realizes “hey, that public IP address is forwarding from an IP on WAN1 to a LAN1 IP, so I’ll just shortcut and route directly from LAN2 to LAN1.”
Then it says “But I have a firewall rule saying LAN2 may not access LAN1, so I will block it”.
This is definitely an edge case. What’s the “right” thing to do in this situation?
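The interaction suspected in the post can be reproduced with a small model. This is an added example, not Peplink's implementation and not part of the original post. It assumes a generic router whose inter-LAN filter runs either after or before the port-forward translation. All addresses, ports and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology (assumption; the post gives no addresses).
ZONES = {
    "LAN1": ipaddress.ip_network("192.168.1.0/24"),
    "LAN2": ipaddress.ip_network("192.168.2.0/24"),
}
# WAN1 port forwards: (public IP, port) -> (LAN1 host, port)
PORT_FORWARDS = {("203.0.113.10", 443): ("192.168.1.50", 443)}
# Internal firewall rule from the post: block LAN2 -> LAN1.
DENY_RULES = [("LAN2", "LAN1")]

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def zone_of(ip):
    """Map an address to its LAN name, or 'WAN' if it is on neither LAN."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "WAN"

def dnat(pkt):
    """Apply the port-forward (hairpin) translation if one matches."""
    target = PORT_FORWARDS.get((pkt.dst, pkt.dport))
    return Packet(pkt.src, target[0], target[1]) if target else pkt

def filter_verdict(pkt):
    """Evaluate the inter-LAN deny rules on the packet as presented."""
    pair = (zone_of(pkt.src), zone_of(pkt.dst))
    return "DROP" if pair in DENY_RULES else "ACCEPT"

def forward(pkt, nat_before_filter):
    """Return (verdict, packet as seen by the inter-LAN rule set)."""
    seen = dnat(pkt) if nat_before_filter else pkt
    return filter_verdict(seen), seen

if __name__ == "__main__":
    pkt = Packet("192.168.2.20", "203.0.113.10", 443)  # LAN2 host -> WAN1 public IP
    for order in (True, False):
        verdict, seen = forward(pkt, order)
        print(f"nat_before_filter={order}: rule sees dst {seen.dst} -> {verdict}")
```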