Chapter 16 Virtual Servers
NAT Loopback Policy Route
Without a NAT loopback policy route, SMTP traffic from a LAN1 user goes to the LAN1 SMTP server with the LAN1 computer’s IP address as the source. The source address is in the same subnet, so the LAN1 SMTP server replies directly. The return traffic uses the SMTP server’s LAN1 IP address as the source address (see footnote 3). This creates a triangle route, since the source of the reply does not match the original destination address (1.1.1.1). The user’s computer shuts down the session.
Figure 225 Triangle Route
[Figure labels: LAN1; Source 192.168.1.21; 192.168.1.21; SMTP; 192.168.1.89]
Configure a policy route to use the IP address of the ZyWALL’s LAN1 interface, 192.168.1.1, as the source address of the traffic going to the LAN1 SMTP server from the LAN1 users. This way the LAN1 SMTP server replies to the ZyWALL and the ZyWALL applies NAT.
Figure 226 NAT Loopback Policy Route
[Figure labels: NAT; Source 192.168.1.1; Source 192.168.1.89; SMTP; LAN1; 192.168.1.21; 192.168.1.89]
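The two packet paths described above, as an added Python sketch that is not part of the ZyWALL guide: it models the virtual server's destination NAT, the optional source NAT of the policy route, and the client's check on the reply. The client port 40000 and the names Packet and simulate are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace

# Addresses from the page's figures; the client port is a constructed sample value.
CLIENT, SERVER = "192.168.1.21", "192.168.1.89"
ZYWALL_LAN1, PUBLIC = "192.168.1.1", "1.1.1.1"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def simulate(nat_loopback: bool) -> tuple[Packet, bool]:
    """Return the reply the client receives and whether the client accepts it."""
    request = Packet(CLIENT, 40000, PUBLIC, 25)
    # Virtual server: destination NAT from the public address to the SMTP server.
    fwd = replace(request, dst=SERVER)
    nat_table = {}
    if nat_loopback:
        # Policy route: source NAT to the ZyWALL's LAN1 interface address.
        fwd = replace(fwd, src=ZYWALL_LAN1)
        nat_table[(fwd.src, fwd.sport)] = request
    # The SMTP server answers whatever source address it saw.
    reply = Packet(SERVER, 25, fwd.src, fwd.sport)
    if reply.dst == ZYWALL_LAN1:
        # The reply reaches the ZyWALL, which undoes both translations.
        orig = nat_table[(reply.dst, reply.dport)]
        reply = Packet(orig.dst, orig.dport, orig.src, orig.sport)
    # Otherwise reply.dst is a LAN1 host in the server's own subnet: the reply
    # is delivered at layer 2 and no NAT is reversed (footnote 3).
    # The client accepts a reply only from the address and port it contacted.
    accepted = (reply.src, reply.sport, reply.dst, reply.dport) == (
        request.dst, request.dport, request.src, request.sport)
    return reply, accepted

if __name__ == "__main__":
    for enabled in (False, True):
        reply, ok = simulate(enabled)
        print(f"NAT loopback={enabled}: reply from {reply.src} ->",
              "accepted" if ok else "dropped (triangle route)")
```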
Click Network > Routing > Policy Route > Add and create the policy route as shown next. Be careful of where you create the route as routes are ordered in descending priority. This policy route applies source NAT to traffic sent from LAN1 to the SMTP server.
3. Even if the packets go through the ZyWALL, they only undergo layer 2 switching, not NAT.
ZyWALL USG 100/200 Series User’s Guide