ZS 1.0 beta16
I’m configured as a Router doing NAT on the wan interface.
Everything seems to be working with multiple IP addresses
on the wan side and port forwarding to the inside, however…
When I use a VPN client on the outside that assigns addresses like 172.17.0.0,
port forwarding does not work. In working with other NAT boxes
I’ve noticed that it is common to block private addresses through
the box, i.e. 10.0.0.0, 18.104.22.168 etc… Can’t find this on ZS.
For example: I have a system on the inside 192.168.1.4 and an address
on the wan side of ZS with address 22.214.171.124. Port forwarding from
126.96.36.199:22 to 192.168.1.4:22. Works fine when I ssh to this system from
an address like 188.8.131.52. When I use a VPN client, it times out.
From 184.108.40.206 to the ZS box itself, 220.127.116.11 works without using VPN.
With VPN, it times out.
I’ve put iptables rules in:
>setup>ssh allow 172.17.0.0/16
iptables INPUT Chain position 1
all -s 172.17.0.0/16 all -j ACCEPT
-s 172.17.0.0/16 ALL -J accept
-d 172.17.0.0/16 ALL -J accept
all -d 172.17.0.0/16 -j ACCEPT