"10.10.10.1.1024"

Sorry but hat is not 11.11.11.20 so why would it be forwarded?

Obfuscating address are not going to let us help you..  especially when you change it to be something that clear would not work per your rule.  That IP is from what you stated is your wan gateway IP, not some public IP 11.11.11.20

Resolved - host machine is Microsoft OS, so i just enabled UPnP and now port forwarding vs OPT works.

thanks

You know you can embed images here directly eh?

I'm not sure why you keep mentioning squid.  Squid is a web proxy for LAN users going out.  It can also be used as a reverse proxy, but single guy at home with one web server doesn't really fall into the typical use case for reverse proxy.  I wonder if that may be the root of your problem.  A straight port 80/tcp port-forward is usually the easiest thing in the world.

@viragomann:

So NAT reflection could be a solution for you. You can select a NAT reflection method in the corresponding NAT rule. Try if "pure NAT" works, otherwise try "NAT + proxy".

Sorry for late reply, been sleeping and working.

That didn't work for me unfortunately.. I'll guess I'll go with the solution where I changed unraids port, I can't see that it would do any difference.

Thanks to you anyways!

Turn off NAT reflection altogether and use split DNS instead, if possible.

https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

Nat reflection would have to be setup.. If you want to hit your public IP from lan side to get reflected back in… If your going to be doing stuff on 80 you prob want to turn off the webgui redirect that listens on 80 and sends to your https port, or change pfsense webgui if only http to be a different port than 80.. And then still turn off the webgui redirect that listens on 80.

webredirect.png
webredirect.png_thumb

That did it, holy crap.

Thank you so much.

NAT reflection is a hassle and PITA.  Use split DNS if you can.  I don't have any specific fix other than to avoid that situation altogether.

Thanks - I didn't read all the detail, my bad.. Thanks for the catch jahonix..

So 10.132 is different network than his lan.. Is there natting going on between the networks..  Can you ping the camera IP from your server in your lan 192.168 network?

If so you should be done - just register your camera how you would any other camera on the local network.

If you are natting then you need to port forward, if your not natting you just need to allow the traffic you want from the camera to the server, the server unless your locking down your lan outbound should be able to talk on any port it wants to your camera, etc..

Happy to help you work out what you need to do - but going to need a bit more info.

State Type = Keep
State Timeout = *Empty

Update…

I fixed it by adding one more NAT Rule with LAN Net as Source Address.

why would you client not just go to https://myservicereal.local

@KOM:

Are these devices on a different network than your LAN?  I wasn't sure if the IPs you provided were just for example or real.  A reverse proxy might help here, like HAProxy.

No all servers are in the same network wich is my LAN. I use different IP subnets to sepparate real addreses from fake.

You have a double-NAT config which will make this harder.  Basically, you need a way to tell your ISP modem to forward to pfSense, which will then forward again to the device.  Unfortunately, most ISP modems do not have any intelligence in them and you will not be able to add or modify their rules.  Far better to put the modem in bridge mode so that PfSense gets your WAN address.  But even then you're still in private space, so there is yet another level of NATing going on here to get you to the public Internet.  With all these levels of NAT, you're going to find it difficult to share anything.

No. It is not new.

There is something called "negate routes" that attempts to automatically bypass policy routing for certain networks.

It can miss things in certain cases so it might have been automatically negated before and is not now.

Glad you found it.