Netgate Discussion Forum

    Access servers behind firewall by local clients

      ASGR71
      last edited by ASGR71

      Hi Guys,

      I have two SG1100 connected in series:

      INTERNET
      |
      V
      PRIMARY SG1100 -> SWITCH -> GENERAL CLIENTS
                        |
                        V
                        SECONDARY SG1100 -> SWITCH -> SERVERS     
      

      Probably not the best setup but options are limited.
      The Primary, connected to the internet, connects all general machines.
      The Secondary, connected to the Primary, connects all the servers for an additional level of security.

      I managed to forward connections from an external WAN connection through the Primary to the Secondary to a PLEX server as per the following 'How To' https://portforward.com/help/doublerouterportforwarding.htm and all works well...

      Unfortunately, I'm having problems trying to forward local clients on the Primary to the servers on the Secondary.

      I'd like to access my PLEX server from other devices on the Primary and realise that I need other ports forwarded (i.e. https://support.plex.tv/articles/201543147-what-network-ports-do-i-need-to-allow-through-my-firewall/) but I don't know how to port-forward correctly for local clients. All infrastructure IP addresses are static.

      Can someone direct me to the correct manual page / external link / give example / or menu option location?

      Thanks.

        SteveITS Galactic Empire @ASGR71

        @asgr71 Did you enable NAT Reflection on each of the NAT rule(s) on PRIMARY? If not, requests from GENERAL CLIENTS would not use NAT and requests to the WAN IP of PRIMARY would not reflect back in.

        You could also use split DNS so GENERAL CLIENTS directly use the WAN IP address of SECONDARY.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          ASGR71

          Thanks Steve!

          Finally got the right option.
          Had to use NAT + Proxy.
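
The behaviour discussed in this thread, as an added example that is not part of either poster's messages: a simplified Python model of how PRIMARY handles a GENERAL CLIENTS connection to its WAN address under three NAT reflection settings. All addresses are constructed, the model assumes SECONDARY's WAN shares the GENERAL CLIENTS subnet, and the mode names "off", "pure" and "proxy" are simplifications of pfSense's Disabled, Pure NAT and NAT + Proxy options.

```python
from dataclasses import dataclass, replace

# Constructed addresses: assumptions for illustration, not values from the thread.
PRIMARY_WAN = "203.0.113.10"   # address the port forward listens on
PRIMARY_LAN = "192.168.1.1"    # PRIMARY's address on the GENERAL CLIENTS network
SECONDARY_WAN = "192.168.1.2"  # SECONDARY's WAN, assumed to be on that same network
CLIENT = "192.168.1.50"        # one GENERAL CLIENTS machine
PLEX_PORT = 32400              # Plex's default TCP port

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    iface: str  # PRIMARY interface the packet arrives on: "wan" or "lan"

def primary_forward(pkt, mode):
    """Packet PRIMARY passes on towards SECONDARY, or None if it is not forwarded."""
    if (pkt.dst, pkt.dport) != (PRIMARY_WAN, PLEX_PORT):
        return None
    if pkt.iface == "wan":   # ordinary port forward, bound to the WAN interface
        return replace(pkt, dst=SECONDARY_WAN)
    if mode == "off":        # no reflection: nothing translates LAN-side traffic
        return None
    if mode == "pure":       # destination rewritten, client source address kept
        return replace(pkt, dst=SECONDARY_WAN)
    if mode == "proxy":      # the firewall opens its own connection to the target
        return replace(pkt, src=PRIMARY_LAN, dst=SECONDARY_WAN)
    raise ValueError(f"unknown mode: {mode}")

def reply_source_seen_by_client(pkt, mode):
    """Source address on the reply that reaches the client (None if no reply)."""
    fwd = primary_forward(pkt, mode)
    if fwd is None:
        return None
    if pkt.iface == "lan" and fwd.src == pkt.src:
        # SECONDARY answers the client directly on the shared subnet, so
        # PRIMARY never gets to restore the address the client dialled.
        return fwd.dst
    return pkt.dst  # reply passes back through PRIMARY and is translated back

def local_access_works(mode):
    """True when a local client's connection to PRIMARY's WAN address completes."""
    pkt = Packet(CLIENT, PRIMARY_WAN, PLEX_PORT, "lan")
    return reply_source_seen_by_client(pkt, mode) == pkt.dst

if __name__ == "__main__":
    for m in ("off", "pure", "proxy"):
        print(m, local_access_works(m))
```

In this model, Pure NAT fails only because client and target share a subnet; with them on different subnets the reply would route back through PRIMARY.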

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.