ZS 1.0 beta16
I’m configured as a Router doing NAT on the wan interface.
Everything seems to be working with multiple IP addresses
on the wan side and port forwarding to the inside, however…
When I use a VPN client on the outside who assigns addresses like 172.17.0.0,
port forwarding does not work. In working with other NAT boxes
I’ve noticed that it is common to block private addresses through
the box, i.e. 10.0.0.0 , 188.8.131.52 etc… Can’t find this on ZS.
For example: I have a system on the inside 192.168.1.4 and an address
on the wan side of ZS with address 184.108.40.206. Port forwarding from
220.127.116.11:22 to 192.168.1.4:22. Works fine when I ssh to this system from
an address like 18.104.22.168. When I use a vpn client, times out.
From 22.214.171.124 to the ZS box itself, 126.96.36.199 works without using vpn.
With vpn, times out.
I’ve put iptables rules in:
>setup>ssh allow 172.17.0.0/16
iptables INPUT Chain position 1
all –s 172.17.0.0/16 all –j ACCEPT
-s 172.17.0.0/16 ALL –J accept
-d 172.17.0.0/16 ALL –J accept
all –d 172.17.0.0/16 –j ACCEPT