ZS 1.0 beta16
I’m configured as a Router doing NAT on the wan interface.
Everything seems to be working with multiple IP addresses
on the wan side and port forwarding to the inside, however…
When I use a VPN client on the outside who assigns addresses like 172.17.0.0,
port forwarding does not work. In working with other NAT boxes
I’ve noticed that it is common to block private addresses through
the box, i.e. 10.0.0.0 , 184.108.40.206 etc… Can’t find this on ZS.
For example: I have a system on the inside 192.168.1.4 and an address
on the wan side of ZS with address 220.127.116.11. Port forwarding from
18.104.22.168:22 to 192.168.1.4:22. Works fine when I ssh to this system from
an address like 22.214.171.124. When I use a vpn client, times out.
From 126.96.36.199 to the ZS box itself, 188.8.131.52 works without using vpn.
With vpn, times out.
I’ve put iptables rules in:
>setup>ssh allow 172.17.0.0/16
iptables INPUT Chain position 1
all –s 172.17.0.0/16 all –j ACCEPT
-s 172.17.0.0/16 ALL –J accept
-d 172.17.0.0/16 ALL –J accept
all –d 172.17.0.0/16 –j ACCEPT