Hello,
Currently we use source NAT to access the Internet from LAN:
pool src-nat-pool-office {
    address {
        1.1.1.2/32;
    }
}
rule-set rs1 {
    from zone trust;
    to zone untrust;
    rule office-nat {
        match {
            source-address 192.168.4.0/24;
            destination-address 0.0.0.0/0;
        }
        then {
            source-nat {
                pool {
                    src-nat-pool-office;
                }
            }
        }
    }
}
At the same time, we use destination NAT to access some resources from the Internet using one of our public IP addresses (BGP):
pool server1 {
    address 192.168.4.123/32;
}
rule-set dnat-rs1 {
    from zone untrust;
    rule r1 {
        match {
            destination-address 1.1.1.3/32;
            destination-port {
                80;
            }
        }
        then {
            destination-nat {
                pool {
                    server1;
                }
            }
        }
    }
}
Now we would like to access "server1" from the LAN using the public IP address 1.1.1.3 (the one from destination NAT). How do I do that? I read something about NAT hairpinning, but I'm not sure how to use it here.
Can I ask for help? 🙂