• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Access servers behinf firewall by local clients

NAT
2
3
336
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    ASGR71
    last edited by ASGR71 Jan 11, 2023, 10:08 PM Jan 11, 2023, 10:07 PM

    Hi Guys,

    I have two SG1100 connected in series:

    INTERNET
|
V
PRIMARY SG1100 -> SWITCH -> GENERAL CLIENTS
                  |
                  V
                  SECONDARY SG1100 -> SWITCH -> SERVERS

    Probably not the best setup but options are limited.
    The Primary, connected to the internet, connects all general machines.
    The Secondary, connected to the Primary, connects all the servers for an additional level of security.

    I managed to forward connections from an external WAN connection through the Primary to the Secondary to a PLEX server as per the following 'How To' https://portforward.com/help/doublerouterportforwarding.htm and all works well...

    Unfortunately, I'm having problems trying to forward local clients on the Primary to the servers on the Secondary.

    I'd like to access my PLEX server by other devices on the Primary and realise that I need other ports-forwarded (i.e. https://support.plex.tv/articles/201543147-what-network-ports-do-i-need-to-allow-through-my-firewall/) but I don't know how to port-forwarding correctly for local clients. All infrastructure IP addresses are static

    Can someone direct me to the correct manual page / external link / give example / or menu option location?

    Thanks.

    S 1 Reply Last reply Jan 11, 2023, 11:05 PM Reply Quote 0
    • S
      SteveITS Galactic Empire @ASGR71
      last edited by Jan 11, 2023, 11:05 PM

      @asgr71 Did you enable NAT Reflection on each of the NAT rule(s) on PRIMARY? If not, requests from GENERAL CLIENTS would not use NAT and requests to the WAN IP of PRIMARY would not reflect back in.

      You could also use split DNS so GENERAL CLIENTS directly use the WAN IP address of SECONDARY.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      1 Reply Last reply Reply Quote 0
      • A
        ASGR71
        last edited by Mar 15, 2023, 6:58 PM

        Thanks Steve!

        Finally got the right option.
        Had to use NAT + Proxy.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.