Netgate Discussion Forum

    Unable to connect to WAN address from within the LAN.

    General pfSense Questions
    • arcadio

      My LAN address is 172.16.0.11. For the sake of this discussion, my Internet address is 10.10.10.1.

      I have a rule that forwards connections to 10.10.10.1:25 to some box on the internal LAN, say 172.16.0.15:25. However, when I try to connect to 10.10.10.1:25 from 172.16.0.11, it doesn't work.

      Connecting to 10.10.10.1:25 from some box out on the Internet works as expected: I get connected to 172.16.0.15:25.

      What's interesting is that when I connect to 10.10.10.1:443 from 172.16.0.11, it appears I'm connecting to pfSense's web interface. So I think what is happening is that pfSense sees that I'm trying to connect to the Internet address from an internal address and therefore doesn't bother allowing the connection from the internal address to go out to the Internet and then come back.

      Am I right? If so, what's the rule I need to write to disable this behavior?

      • SteveITS

        @arcadio Do you have NAT reflection enabled on the NAT rule? (it doesn't need to be enabled globally)

        • stephenw10 (Netgate Administrator)

          Yeah you need NAT reflection or (preferably) split DNS to do that:
          https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html

          Steve

          • arcadio

            Thanks guys. That was exactly what I needed. And thanks for pointing me to what I needed to read in the manual too.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.