Tomato: routing WAN traffic to local port

lan, networking, router, routing, vlan

Setup

My Tomato router is configured with one of the LAN ports (LAN4) in the same VLAN as the WAN port. The server has its own WAN IP assigned by my ISP (11.11.11.22 in this example).

All other LAN ports on the router are left in the 'normal' configuration: they are in the local 192.168.1.x subnet, with NAT to the WAN port: the computer(s) in this LAN all share the public IP address (11.11.11.11 in this example).

                            Internet
                            WAN IP: 11.11.11.11
                                |
            Server              |
            WAN IP: 11.11.11.22 |
                        |       |
Computer                |       |
local IP: 192.168.2     |       |
    |                   |       |
    |                   |       |
+------+------+------+------+-----+
| LAN1 | LAN2 | LAN3 | LAN4 | WAN | < physical ports
|                    |            |
| <----- VLAN 1 ---->| <- VLAN2 ->| < VLANs
| 192.168.1.x range  | WAN range  |
|                    |            |
|           <=== NAT ===>         |
+---------------------------------+

Question

The setup described above works quite nicely.
However, there is one issue: if a computer from the 192.168.1.x range uploads something to the server, all network packets are sent via the public internet, which is very slow compared to the local network. Is there a way to route packets for the server directly to the LAN4 port, bypassing my slow ISP connection?

Edit – additional info

The router is an Asus RT-N16 running the latest Tomato firmware. The firmware has quite a lot of options, like defining multiple VLANs, subnets, static routing. If required it would also be possible to use iptables directly, but I'm not sure how it would integrate with the GUI options.

The server runs its own firewall and some services on various ports (https, mailserver etc) and has its own dedicated WAN IP.

The server does not have a local IP address, it receives its address directly from the ISP (VLAN2 acts like a switch). The "LAN1" to "LAN4" ports mentioned above are the names of the physical Ethernet ports on the router.

Best Answer

You need to give the server an IP address from the LAN too to be able to communicate within a LAN. What you could also do is add a third VLAN with a LAN meant just for the servers, say with an IP range of 192.168.2.0/24. Then just configure LAN access between the two different LANs.
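The "LAN access between the two LANs" step can also be written as a Tomato firewall script (Administration → Scripts → Firewall) so that clients reach the server only on its published ports and the server VLAN cannot initiate connections into the client LAN. This is an added example, not part of the original answer; the bridge names br0/br1, the server's LAN address 192.168.2.22 and the port list are assumptions to be replaced with the values shown in the Tomato GUI.

```shell
#!/bin/sh
# Added example for the layout the answer proposes: client LAN on br0
# (192.168.1.0/24), a third VLAN for the server on br1 (192.168.2.0/24).
# Interface names, the server's LAN address (192.168.2.22) and the port list
# are assumptions/constructed values; read the real ones from the Tomato GUI.
LAN_IF="br0";  LAN_NET="192.168.1.0/24"
SRV_IF="br1";  SRV_NET="192.168.2.0/24"
SRV_IP="192.168.2.22"
SRV_TCP_PORTS="443 25 993"        # https and mail, as the question mentions
DRY_RUN="${DRY_RUN:-1}"           # 1 = print the rules, 0 = apply with iptables

# Print or execute one iptables command, depending on DRY_RUN.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Each -I inserts at the top of FORWARD, so the rules are added in reverse:
# the two catch-all DROPs end up last, the per-port ACCEPTs first.
inter_lan_rules() {
    # Default: nothing crosses between the two VLANs ...
    ipt -I FORWARD -i "$LAN_IF" -o "$SRV_IF" -s "$LAN_NET" -d "$SRV_NET" -j DROP
    # ... and in particular the server VLAN cannot open connections into the
    # client LAN, so a compromised server is contained.
    ipt -I FORWARD -i "$SRV_IF" -o "$LAN_IF" -s "$SRV_NET" -d "$LAN_NET" -j DROP
    # Packets of already accepted connections pass in both directions.
    ipt -I FORWARD -i "$SRV_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -I FORWARD -i "$LAN_IF" -o "$SRV_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Clients may open connections only to the server and only to its services.
    for port in $SRV_TCP_PORTS; do
        ipt -I FORWARD -i "$LAN_IF" -o "$SRV_IF" -s "$LAN_NET" -d "$SRV_IP" \
            -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
}

inter_lan_rules
```

Run it as is to review the generated rules; on the router, set `DRY_RUN=0` (or `DRY_RUN=0 sh rules.sh`) to apply them.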
