    Problem with access to nat 1:1 server from internal LAN

      kazzuja

      I have pfsense version 2.3.3-RELEASE-p1 (amd64)
      built on Thu Mar 09 07:17:41 CST 2017
      FreeBSD 10.3-RELEASE-p17 as virtual machine
      (VMware ESXi 5.5.0) with 2 physical nic (LAN and WAN).

      I have a problem with access to the owncloud server (internal LAN virtual machine) by external IP (35.190.75.132) or DNS name
      (cloud.mydomain.com) from the internal LAN at my work. I can access it only by the internal address 192.168.1.26.

      From outside everything works correctly.
      I can ping and access to owncloud server over https and ssh to 35.190.75.132 and cloud.mydomain.com without any problems.

      I have some additional ip addresses for example:
      35.190.75.131,35.190.75.132,35.190.75.133, etc.

      192.168.1.1 is my LAN pfsense address (Interfaces -> LAN)
      35.190.75.131 is my primary WAN address (Interfaces -> WAN)
      35.190.75.132 is my external owncloud address (Address added in Firewall -> Virtual IPs)

      Type: IP Alias
      Interface: WAN
      Address type: Single address
      Address(es):35.190.75.132

      In Firewall -> NAT -> 1:1 menu I have entry:

      Disabled: not checked
      No BINAT (NOT): not checked
      Interface: WAN
      External subnet IP: 35.190.75.132
      Internal IP: Single host: 192.168.1.26
      Destination: Any
      Nat reflection: Use system default

      In Firewall -> Rules menu -> I have rule:

      Action: Pass
      Disabled: not checked
      Interface: WAN
      Address family: IPv4
      Protocol: Any
      Source: Any
      Destination: Single host or alias: 192.168.1.26

      In System -> Advanced -> Firewall & NAT menu I have:

      NAT Reflection mode for port forwards: Pure NAT
      Enable NAT Reflection for 1:1 NAT: checked
      Enable automatic outbound NAT for Reflection: checked

      I tried with the option Services -> DNS Forwarder

      Enable: checked
      DHCP Registration: not checked
      Static DHCP: not checked
      Prefer DHCP: not checked
      DNS Query Forwarding: not checked
      Interfaces: LAN
      Strict binding: checked

      Host overrides -> Add:

      Host: cloud
      Domain: mydomain.com
      IP Address: 192.168.1.26 or 35.190.75.132

      Then I set on my Windows 10 test workstation:
      Preferred DNS server: 192.168.1.1 (internal pfsense address).
      But it still does not work.

      I have Active Directory server with DNS on 192.168.1.20 address.
      All computers have this address as primary DNS server.
      I can not set their DNS address as 192.168.1.1.

      I read this article but it did not help me:

      https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

      Please help me! Thx :)

        viragomann

        @kazzuja:

        I have Active Directory server with DNS on 192.168.1.20 address.
        All computers have this address as primary DNS server.
        I can not set their DNS address as 192.168.1.1.

        So add the external hostname of the owncloud server to this DNS with its internal IP and verify if your computers resolve it correctly (after flushing DNS cache!).

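Added example, not part of the posts above and not Netgate's own code: one way to carry out the split-DNS step viragomann describes on a Windows DNS server, using the names and addresses from the first post. It assumes the DnsServer PowerShell module is available on 192.168.1.20, that ownCloud listens on TCP 443, and that the thread does not say whether the AD DNS already hosts mydomain.com, so both cases are handled.

```powershell
# --- Part 1: run elevated on the AD DNS server (192.168.1.20 in the post) ---
$Fqdn       = 'cloud.mydomain.com'   # external hostname from the post
$ParentZone = 'mydomain.com'
$InternalIp = '192.168.1.26'         # ownCloud VM's LAN address from the post
$DnsServer  = '192.168.1.20'

if (Get-DnsServerZone -Name $ParentZone -ErrorAction SilentlyContinue) {
    # Server is already authoritative for the parent zone: add a single host record.
    $zone  = $ParentZone
    $label = $Fqdn.Substring(0, $Fqdn.Length - $ParentZone.Length - 1)   # "cloud"
} else {
    # Create a zone for this one hostname only. Creating the whole parent zone
    # internally would hide every other public record under it from LAN clients.
    $zone  = $Fqdn
    $label = '@'
    if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain
    }
}

# Add the A record only if the node has none yet, so reruns are harmless.
$existing = Get-DnsServerResourceRecord -ZoneName $zone -Name $label -RRType A `
                -Node -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name $label -IPv4Address $InternalIp
}

# --- Part 2: run on a LAN workstation (repeat the variable assignments there) ---
Clear-DnsClientCache                 # drop the cached public answer first

# Ask the AD DNS server directly, bypassing hosts file, LLMNR and NetBIOS.
$answer = Resolve-DnsName -Name $Fqdn -Type A -Server $DnsServer -DnsOnly
$ips    = ($answer | Where-Object Type -eq 'A').IPAddress

if ($ips -contains $InternalIp) {
    Write-Output "$Fqdn resolves to $InternalIp via $DnsServer"
    # Confirm the service answers on the internal path (port 443 is an assumption).
    Test-NetConnection -ComputerName $Fqdn -Port 443 |
        Select-Object ComputerName, RemoteAddress, TcpTestSucceeded
} else {
    Write-Warning "$Fqdn still resolves to: $($ips -join ', ')"
}
```

With this in place LAN clients reach 192.168.1.26 directly, so the connection no longer depends on NAT reflection for the 1:1 mapping.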
          mvanniek

          Kazzuja, did you manage to resolve your issue?
          Especially the part where you can ping the external IP…
