Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cannot use WAN IP inside my own network

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 3 Posters 615 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      RedPull
      last edited by RedPull

      Hi all!

      I have a weird situation where i can't get my head around.
      And i also don't know where to start looking.

      Here is the situation:
      I have some stuff running that have to be accessible from outside my network.
      So i chose (temporary) to punche some holes in my network via port forwarding, which of course works like a charm when i am outside my network. But when i try

      http://<WANIP>:<PORT>

      inside my network it dos not work. Only when i connect to a VPN service it dos.
      Is there some sort of setting that i am missing?

      Thanks in advance!

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by bmeeks

        Likely you would need to enable NAT Reflection in that case, but the first question is why are you attempting to connect that way? If you are inside the LAN where the resource is located, then simply connect to the native host IP.

        If you have associated the IP with a domain name, then you can configure a host override in the DNS settings to point local clients directly to the native IP.

        If you really, really want to use NAT Reflection, here is the documentation: https://docs.netgate.com/pfsense/en/latest/nat/reflection.html. Be aware that this comes with its own extra baggage, and that is what makes it not the first recommended solution. Be sure you read the caveats covered in that linked documentation. Plus, the docs show several ways to eliminate the need for NAT Reflection.

        1 Reply Last reply Reply Quote 2
        • R
          RedPull
          last edited by RedPull

          Yes, i associated the IP with a subdomain name.
          For instance:

          • I pointed cloud.my-domain-name.com to my WAN IP in Cloudflare.
          • Added it as a Dynamic DNS Client on my pfsense router.
          • Also did the necessary port forwarding.
            Connecting to http://<WANIP>:<PORT> or http://<sub.domain.com>:<PORT> Works like a charm only when connected to a VPN inside my LAN
            But when i'm outside my LAN with or without VPN connection.
            So how come this ain't working with pfsense when i'm inside my LAN without a VPN connection?

          It used to work with my previous (asus) router.

          R 1 Reply Last reply Reply Quote 0
          • R
            rcoleman-netgate Netgate @RedPull
            last edited by

            @redpull Please look over this doc: https://docs.netgate.com/pfsense/en/latest/nat/reflection.html

            Ryan
            Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
            Requesting firmware for your Netgate device? https://go.netgate.com
            Switching: Mikrotik, Netgear, Extreme
            Wireless: Aruba, Ubiquiti

            1 Reply Last reply Reply Quote 1
            • R
              RedPull
              last edited by RedPull

              Thx!
              Got it to work by selecting "Pure NAT" on "NAT Reflection mode for port forwards"
              Although i'm not exactly sure what that means in terms of security.

              Will dive into that matter later on, so i know what i'm doing. ;-)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.