Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Accessing Port Forwards from Local Networks

    Scheduled Pinned Locked Moved
    TNSR
    3
    4
    747
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • matlearM
      matlear
      last edited by

      Hello All,

      With TNSR on my 6100 I am having trouble Accessing Port Forwards from Local Networks.
      Does anybody know the configuration which should be applied?

      In pFsense it was quite easy to configure using the documentation:

      https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html

      But in TNSR I dont know where I should start to be honest, any help would be appreciated :)

      Attached is my conf.

      TNSR.zip

      G johnpozJ 2 Replies Last reply Reply Quote 0
      • G
        gabacho4 Rebel Alliance @matlear
        last edited by

        @matlear according to the release notes for the latest version, known issue:

        Unable to establish NAT hairpin connection [8014]

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator @matlear
          last edited by johnpoz

          @matlear never been a fan of nat reflection, what is the scenario that you have/want to use it - can you not just use split dns setup to resolve your local resources to their local IP vs the public one?

          This a better solution to be honest.

          The only scenario that I see where nat reflection is only way is when the local client is forced to use external dns, say hard coded iot device or something - and for some reason this can not be redirected. Or the IP is hard coded into the client.. All of which are bad scenarios to have to work through.

          I find that quite often nat reflection just seems to be solution that the user is familiar with - vs just locally resolve some fqdn to the local IP in the first place.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.03 | Lab VMs 2.7.2, 24.03

          matlearM 1 Reply Last reply Reply Quote 0
          • matlearM
            matlear @johnpoz
            last edited by matlear

            @johnpoz Actually quite a few of the proprietary VM's I run in my Lab depend on hairpin NAT to function correctly.
            Cisco Expressways - Poly DMA Edge - Audiocodes & Ribbon Session border controllers.
            Lack of hairpinning can be worked around but takes more effort :)
            Split DNS I agree is easier for domain name look up but some of the advance SIP signaling I use routes back in through the wan IP address.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post