ZS 1.0 beta16
I’m configured as a Router doing NAT on the wan interface.
Everything seems to be working with multiple IP addresses
on the wan side and port forwarding to the inside, however…
When I use a VPN client on the outside who assigns addresses like 172.17.0.0,
port forwarding does not work. In working with other NAT boxes
I’ve noticed that it is common to block private addresses through
the box, i.e. 10.0.0.0 , 220.127.116.11 etc… Can’t find this on ZS.
For example: I have a system on the inside 192.168.1.4 and an address
on the wan side of ZS with address 18.104.22.168. Port forwarding from
22.214.171.124:22 to 192.168.1.4:22. Works fine when I ssh to this system from
an address like 126.96.36.199. When I use a vpn client, times out.
From 188.8.131.52 to the ZS box itself, 184.108.40.206 works without using vpn.
With vpn, times out.
I’ve put iptables rules in:
>setup>ssh allow 172.17.0.0/16
iptables INPUT Chain position 1
all –s 172.17.0.0/16 all –j ACCEPT
-s 172.17.0.0/16 ALL –J accept
-d 172.17.0.0/16 ALL –J accept
all –d 172.17.0.0/16 –j ACCEPT