Netgate Discussion Forum
    NAT Reflection Issue with Dual WAN Setup in pfSense 2.7.2

    General pfSense Questions
    13 Posts 3 Posters 250 Views 3 Watching
      TonyArizin @viragomann

      @viragomann

      The LAN rule already has the source set to all and all ports going out are open.

        viragomann @TonyArizin

        @TonyArizin
        The destination has to be the local IP of the server, not the public one, since this is what you want to access, in fact.

          TonyArizin @viragomann

          @viragomann

          First of all, thank you for your answer.

          So, does that mean that in the LAN firewall rule, the source should be any and the destination should be the internal address of the web publishing server?

          In addition, there is already a LAN firewall rule with the source set to any and the destination set to any. Does that mean that I need to add what you mentioned in addition to this?

            stephenw10 Netgate Administrator

            The default LAN to any rule should pass that traffic.

            What rule did you add exactly?

              TonyArizin @stephenw10

              @stephenw10

              protocol is ipv4*
              source is *(any)
              port is also *(any)
              destination *(any)
              I created a rule like this, but the only special thing is that I set the gateway to be a gateway group.

                viragomann @TonyArizin

                @TonyArizin
                Stating a gateway turns the rule into a policy-routing rule. Then all matching traffic is forced to the gateway.
                Hence this rule doesn't allow access to internal destinations.

                  stephenw10 Netgate Administrator

                  Yup, that^ 😉

                    TonyArizin

                    First of all, thank you for your answer.

                    Then, if I specify a gateway other than the default, do I need to create a LAN rule for it? Can you show me an example of a LAN rule that I need to create?

                      stephenw10 Netgate Administrator

                      Yes, if you are policy routing traffic from LAN via a specific gateway, you need another rule above that to allow traffic to other local destinations that avoids policy routing.

                      So for example:
                      (screenshot: Screenshot from 2025-07-25 01-17-11.png)

                      There I'm using an alias 'LOCAL' that contains all the subnets I need to bypass policy routing for.

                        TonyArizin @stephenw10

                        @stephenw10

                        I understand.

                        I think you set the source to LAN subnets and the destination to 'LOCAL', but can you actually use the internal IP of the web publishing servers I mentioned as an alias for 'LOCAL'?

                          stephenw10 Netgate Administrator

                          Yes, as long as it matches the traffic against a rule that's above the policy routing rule, that will work.

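The rule-ordering point made in this thread, as an added illustration that is not part of the forum posts or of pfSense itself: a simplified model of first-match LAN rule evaluation, where a rule with a gateway set forces matching traffic out that gateway. The subnets in the assumed 'LOCAL' alias and the gateway group name 'WANGROUP' are constructed values.

```python
import ipaddress

# Constructed 'LOCAL' alias: the internal subnets that must bypass policy routing
# (assumed values, not from the thread).
LOCAL = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "192.168.10.0/24")]


def make_rule(name, dst_nets=None, gateway=None):
    """dst_nets=None matches any destination (the '*' shown in the GUI).
    gateway=None means the rule uses normal system routing."""
    return {"name": name, "dst": dst_nets, "gateway": gateway}


def first_match(rules, dst_ip):
    """pf evaluates pfSense user rules top-down, first match wins."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule["dst"] is None or any(ip in net for net in rule["dst"]):
            return rule
    return None  # no rule matched: default deny


def routing_decision(rules, dst_ip):
    """Return 'system-routing' when the packet follows the routing table
    (internal destinations stay inside), the gateway name when policy
    routing forces it out a WAN, or 'blocked' when nothing matches."""
    rule = first_match(rules, dst_ip)
    if rule is None:
        return "blocked"
    return rule["gateway"] or "system-routing"


# The rule described in the thread: any -> any, gateway set to a gateway group.
policy_rule = make_rule("LAN any via gateway group", gateway="WANGROUP")
# The bypass rule stephenw10 describes: destination 'LOCAL', no gateway.
bypass_rule = make_rule("LAN to LOCAL (no gateway)", dst_nets=LOCAL)

# Only the policy-routing rule: LAN traffic to the internal web server
# is pushed out the WAN group and never reaches the server.
BROKEN = [policy_rule]
# Bypass rule placed ABOVE the policy-routing rule: internal traffic is
# routed normally, everything else still goes out the gateway group.
FIXED = [bypass_rule, policy_rule]
# Same two rules in the wrong order: the any/any rule still wins.
WRONG_ORDER = [policy_rule, bypass_rule]
```

Order is what matters here: the bypass rule only helps when it sits above the rule that carries the gateway.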
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.