How does Alta handle hairpin NAT? Do we have any IDS IPS yet on the route 10? Do we have any custom DNS servers inside the route10 or would it need to be external a la pihole/adguard. Thanks!
I think I can answer a couple of these!
IDS/IPS is definitely available now and they have a help article here about it: https://help.alta.inc/hc/en-us/articles/35867777597083-Intrusion-Prevention-and-Detection-with-Route10
I don’t think there’s a checkbox for hairpin in the controller interface, but I can see that all my port forwards have this option enabled by default in the firewall config
list reflection_zone 'v10zone'
list reflection_zone 'vpnMasq'
list reflection_zone 'vpn'
list reflection_zone 'lan'
Which I believe enables NAT reflection (hairpin) for those zones. Although someone can feel free to correct me if that’s wrong at all!
No custom DNS servers that I’m aware of, although the Content Filtering should now work with wired connnections after the latest Route10 update. Although I haven’t had a chance to test that yet myself.
1 Like
This is great. I currently have some DNS rewrites that I would really love to offload. Thanks for the help!
1 Like
Glad I could help! Give it a shot and feel free to update the thread with how it goes (if you’re so inclined).
I spotted that NAT reflection is mentioned in some of the Route10 release notes as well so hopefully that confirms it even more. If that’s correct, any chance we could have that mentioned in the port forwarding help article @Alta-Josh ? My apologies if I shouldnt’ have tagged you on that, I just saw the name Josh in the help article and made an assumption 
1 Like