jadedeane / natanator

Unifi OS persistent network modification service

NAT seems to be off, but not entirely? #2

Closed rogiermaas closed 1 year ago

rogiermaas commented 1 year ago

Hi!

I've installed natanator on my UDM-SE (3.0.13, network: 7.3.83) and my DrayTek Vigor 3910 behind it now sees all the client IPs. However, not the sessions they're creating. It can do load balancing just fine on IPs, so that works. However, by doing this, my Guest Portal seems to be broken. I'm not getting a redirect to the internal Portal page. Sometimes with new clients I do, but then they are being redirected to the management network's IP address (which works, by the way), but many of my clients cannot auth. When it sometimes works, they do have internet access, just no DNS lookups, so doing anything online is not possible. Pinging 1.1.1.1 works just fine.

Here is my -t nat target; it looks quite different from your output in your manual. Perhaps you can find a way to work around this?

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNSFILTER  all  --  anywhere             anywhere
UBIOS_PREROUTING_JUMP  all  --  anywhere             anywhere

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
UBIOS_INPUT_JUMP  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
UBIOS_OUTPUT_JUMP  all  --  anywhere             anywhere

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain DNSFILTER (1 references)
target     prot opt source               destination
DNAT       tcp  --  192.168.180.0/22     anywhere             tcp dpt:domain to:203.0.113.3:53
DNAT       udp  --  192.168.180.0/22     anywhere             udp dpt:domain to:203.0.113.3:53
DNAT       tcp  --  192.168.10.0/24      anywhere             tcp dpt:domain to:203.0.113.2:53
DNAT       udp  --  192.168.10.0/24      anywhere             udp dpt:domain to:203.0.113.2:53

Chain UBIOS_INPUT_JUMP (1 references)
target     prot opt source               destination

Chain UBIOS_OUTPUT_JUMP (1 references)
target     prot opt source               destination

Chain UBIOS_POSTROUTING_JUMP (0 references)
target     prot opt source               destination
UBIOS_POSTROUTING_USER_HOOK  all  --  anywhere             anywhere

Chain UBIOS_POSTROUTING_USER_HOOK (1 references)
target     prot opt source               destination
SNAT       all  --  192.168.180.0/22     anywhere             /* 00000001095216660481 */ to:192.168.100.254
MASQUERADE  all  --  anywhere             anywhere             /* 00000001095216660482 */
MASQUERADE  all  --  anywhere             anywhere             /* 00000001095216660483 */

Chain UBIOS_PREROUTING_JUMP (1 references)
target     prot opt source               destination

Kind Regards, Rogier
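As an added example, not part of natanator and not code from either participant: a POSIX shell script that audits a saved `iptables -t nat -L` listing for the two states visible in the output above, namely whether POSTROUTING still jumps into UBIOS_POSTROUTING_JUMP (source NAT on or off) and which DNAT rules remain reachable from PREROUTING (here the DNSFILTER rules, which still have one reference). The first listing embedded in the script is constructed from the one posted above, trimmed to the relevant chains; the second "stock" listing, with the jump still in place, is an assumption about what POSTROUTING looks like before natanator removes the jump, not something shown on this page.

```shell
#!/bin/sh
# Added example (not natanator code): audit an `iptables -t nat -L` listing.
# It answers two questions the listing in the issue raises:
#   1. does POSTROUTING still jump into UBIOS_POSTROUTING_JUMP (source NAT on)?
#   2. which DNAT rules are still reachable from PREROUTING (DNSFILTER etc.)?
set -u

# Constructed sample: the relevant chains from the listing posted in the issue.
NAT_AFTER="$(cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNSFILTER  all  --  anywhere             anywhere
UBIOS_PREROUTING_JUMP  all  --  anywhere             anywhere

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain DNSFILTER (1 references)
target     prot opt source               destination
DNAT       tcp  --  192.168.180.0/22     anywhere             tcp dpt:domain to:203.0.113.3:53
DNAT       udp  --  192.168.180.0/22     anywhere             udp dpt:domain to:203.0.113.3:53
DNAT       tcp  --  192.168.10.0/24      anywhere             tcp dpt:domain to:203.0.113.2:53
DNAT       udp  --  192.168.10.0/24      anywhere             udp dpt:domain to:203.0.113.2:53

Chain UBIOS_PREROUTING_JUMP (1 references)
target     prot opt source               destination

Chain UBIOS_POSTROUTING_JUMP (0 references)
target     prot opt source               destination
UBIOS_POSTROUTING_USER_HOOK  all  --  anywhere             anywhere
EOF
)"

# Assumed "stock" state (not from the issue): POSTROUTING still carries the jump.
NAT_BEFORE="$(cat <<'EOF'
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
UBIOS_POSTROUTING_JUMP  all  --  anywhere             anywhere

Chain UBIOS_POSTROUTING_JUMP (1 references)
target     prot opt source               destination
UBIOS_POSTROUTING_USER_HOOK  all  --  anywhere             anywhere
EOF
)"

# chain_targets LISTING CHAIN: print the target of every rule in CHAIN.
chain_targets() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        /^Chain / { in_chain = ($2 == chain); next }
        in_chain && NF > 0 && $1 != "target" { print $1 }'
}

# chain_refs LISTING CHAIN: the reference count iptables prints for CHAIN.
chain_refs() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        /^Chain / && $2 == chain { gsub(/[()]/, "", $3); print $3; exit }'
}

# source_nat_active LISTING: true when POSTROUTING still jumps into the UBIOS chain.
source_nat_active() {
    chain_targets "$1" POSTROUTING | grep -qx UBIOS_POSTROUTING_JUMP
}

# dnat_rules LISTING: DNAT rules in every chain that PREROUTING jumps to.
dnat_rules() {
    for chain in $(chain_targets "$1" PREROUTING); do
        printf '%s\n' "$1" | awk -v chain="$chain" '
            /^Chain / { in_chain = ($2 == chain); next }
            in_chain && $1 == "DNAT" { print chain ": " $0 }'
    done
}

# count_dnat LISTING: number of DNAT rules still reachable from PREROUTING.
count_dnat() {
    dnat_rules "$1" | wc -l | tr -d ' '
}

# nat_report LISTING: one-line verdict plus the surviving DNAT rules.
nat_report() {
    if source_nat_active "$1"; then
        echo "source NAT: ON  (POSTROUTING -> UBIOS_POSTROUTING_JUMP)"
    else
        echo "source NAT: OFF (UBIOS_POSTROUTING_JUMP: $(chain_refs "$1" UBIOS_POSTROUTING_JUMP) references)"
    fi
    echo "DNAT rules reachable from PREROUTING: $(count_dnat "$1")"
    dnat_rules "$1"
}

echo "== stock (assumed) =="; nat_report "$NAT_BEFORE"
echo "== after natanator (from the issue) =="; nat_report "$NAT_AFTER"
```

On a live device, replace the embedded listing with `iptables -t nat -L` output (for example `nat_report "$(iptables -t nat -L)"`). The point the script makes explicit is that removing the POSTROUTING jump only switches off source NAT (SNAT/MASQUERADE); PREROUTING jumps such as DNSFILTER, and the DNAT rules behind them, are untouched by that change and keep rewriting traffic.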

jadedeane commented 1 year ago

Unfortunately your NAT and DNS setup there is a bit unique, and a bit out of scope here.

I recently updated to confirm UniFi OS 3.0.19 support, both on UDM and UDM SE, which are working as expected.