Configuring an Advanced NAT Rule to Support NAT Hairpinning

NAT hairpinning allows the hosts at LAN side to access internal servers by using their respective external IP addresses (public IP addresses). This section provides a configuration example about how to create an advanced NAT rule to support NAT hairpinning.

1. Go to the Networking > Address Management page to create a host address object with the IP 192.168.10.100 called “FTPServer.” The FTP server locates in the LAN zone.

2. Go to the Firewall > NAT > Port Forwarding page to create a port forwarding rule as follows.

Original Service	FTP-CONTROL
Translated Service	FTP-CONTROL
Translated IP	FTPServer
WAN	WAN1
WAN IP	WAN1_IP
Enable Port Forwarding	On
Create Firewall Rule	On

3. A firewall rule will be automatically created as follows to allow access.

From Zone	WAN
To Zone	LAN
Services	FTP-CONTROL
Source Address	ANY
Destination Address	FTPServer
Match Action	Permit

4. Then go to the Firewall > NAT > Advanced NAT page to create an advanced NAT rule as follows.

From	DEFAULT
To	Any
Original Source Address	DEFAULT_NETWORK
Original Destination Address	WAN1_IP
Original Services	FTP-CONTROL
Translated Source Address	WAN1_IP
Translated Destination Address	FTPServer
Translated Services	FTP-CONTROL