We have a SonicWall TZ 400 with a Comcast Modem in Bridge Mode. Everything works fine, except the fact that the exposed services on the LAN couldn't be reached using the public IP of the WAN from the LAN zone.
We tried these steps with NAT Policies, but it doesn't work:
https://www.sonicwall.com/en-us/support/knowledge-base/170505780814635
This is the NAT policy configured only to test access to the dot200 services:
These are the firewall rules WAN-LAN:
This is the only LAN-WAN rule configured:
Monitoring the packets, we have this log:
*Packet number: 1220*
Header Values:
Bytes captured: 62, Actual Bytes on the wire: 62
Packet Info(Time:01/25/2019 12:53:49.112):
in:X0*(interface), out:--, DROPPED, Drop Code: 717(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2118_qpmjdzDifdl), 2:1)
Ethernet Header
Ether Type: IP(0x800), Src=[b8:ca:3a:9a:83:69], Dst=[xx:xx:xx:xx:xx:xx]
IP Packet Header
IP Type: TCP(0x6), Src=[10.1.10.6], Dst=[xx.xx.xx.xx]
TCP Packet Header
TCP Flags = [SYN,], Src=[61006], Dst=[81], Checksum=0x7bd7
Application Header
Not Known
What did we do wrong?
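The capture above is the classic symptom of missing NAT loopback: a LAN host (in:X0) sends a SYN to the firewall's own public WAN address and the policy engine drops it (Drop Code 717). The following is an added example, not from the question or from SonicWall, that parses packet-monitor output in the layout quoted above and flags records matching that pattern, so a long capture can be triaged without reading it record by record. It assumes the redacted WAN address is 203.0.113.10 and that X0 is the LAN interface.

```python
import re

# Assumptions (not from the question): the redacted WAN address is replaced by the
# documentation address 203.0.113.10, and X0 is the LAN interface, as in the capture.
WAN_PUBLIC_IP = "203.0.113.10"
LAN_INTERFACE = "X0"

# Constructed sample in the packet-monitor layout quoted in the question; the second
# record is made up to show a policy drop that is NOT a hairpin attempt.
SAMPLE_CAPTURE = """\
*Packet number: 1220*
Packet Info(Time:01/25/2019 12:53:49.112):
in:X0*(interface), out:--, DROPPED, Drop Code: 717(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2118_qpmjdzDifdl), 2:1)
IP Type: TCP(0x6), Src=[10.1.10.6], Dst=[203.0.113.10]
TCP Flags = [SYN,], Src=[61006], Dst=[81], Checksum=0x7bd7
*Packet number: 1221*
Packet Info(Time:01/25/2019 12:54:02.500):
in:X0*(interface), out:--, DROPPED, Drop Code: 717(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2118_qpmjdzDifdl), 2:1)
IP Type: TCP(0x6), Src=[10.1.10.6], Dst=[198.51.100.7]
TCP Flags = [SYN,], Src=[61007], Dst=[443], Checksum=0x1234
"""

INFO_RE = re.compile(r"in:(\w+)\*?\(interface\), out:([^,]+), (\w+)(?:, Drop Code: (\d+))?")
IP_RE = re.compile(r"IP Type: (\w+)\(0x[0-9a-fA-F]+\), Src=\[([\d.]+)\], Dst=\[([\d.]+)\]")
PORT_RE = re.compile(r"(?:TCP|UDP)[^\n]*?Src=\[(\d+)\], Dst=\[(\d+)\]")  # digits only: skips IP lines

def parse_records(capture):
    """Split the monitor output on '*Packet number: N*' markers and pull out the fields needed."""
    records = []
    parts = re.split(r"\*Packet number: (\d+)\*", capture)
    for number, body in zip(parts[1::2], parts[2::2]):
        info, ip, ports = INFO_RE.search(body), IP_RE.search(body), PORT_RE.search(body)
        if not (info and ip):
            continue  # incomplete record (e.g. truncated capture): skip rather than guess
        records.append({
            "number": int(number),
            "in_if": info.group(1), "out_if": info.group(2).strip(), "status": info.group(3),
            "drop_code": int(info.group(4)) if info.group(4) else None,
            "proto": ip.group(1), "src": ip.group(2), "dst": ip.group(3),
            "dport": int(ports.group(2)) if ports else None,
        })
    return records

def classify(rec):
    """Name the likely cause: a LAN-sourced policy drop aimed at the WAN IP is a hairpin attempt."""
    if rec["status"] != "DROPPED":
        return "forwarded"
    if rec["in_if"] == LAN_INTERFACE and rec["dst"] == WAN_PUBLIC_IP and rec["drop_code"] == 717:
        return "hairpin-nat-missing"
    return "policy-drop"

def hairpin_drops(capture):
    """Packet numbers whose drop points at a missing NAT loopback (reflexive) policy."""
    return [r["number"] for r in parse_records(capture) if classify(r) == "hairpin-nat-missing"]
```

Feeding a real export through hairpin_drops() separates loopback failures from ordinary policy drops, which is the first thing to check before editing NAT or access rules.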
Best Answer
It sounds like what you want is hairpin routing. This is not a good idea because it is suboptimal routing, involving NAT (a kludge that should be avoided whenever possible), and it unnecessarily burdens your firewall and slows your communication.
If you really want to do it, there are documents describing how. For example, this one: