Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Yet another NAT issue :: nothing seems to work

    Scheduled Pinned Locked Moved NAT
    4 Posts 3 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      skamal
      last edited by

      Hi! I am trying to set up a nat in my 3 nic box, and apparently it is not working. Let me give you the picture

      WAN :: DHCP from the ISP (real IP), but it seemed to catch the same IP every time
      DMZ :: 10.x.x.x series IPs, and the hosts can go out to the internet
      LAN :: 192.168.x.x series IPs, and they too can go out to the internet and also to the DMZ

      Now, I have set up a web server in the DMZ, with an IP of 10.x.x.17, which can be reached from the LAN. I get the pages quite easily.

      I wanted thiese to be available from the WAN side, so I have added one rule by adding a rule on the WAN port, through Firewall -> NAT > Port forward, where I have said that the port 80 from WAN should be mapped to 10.x.x.17 port 80. It has updated the firewall rules in the WAN bit and I have activated the changes.

      Ideally, at this point, I am supposed to be able to browse to http://WAN-IP:80 (or without :80, doesn't really matter) – but the page is timing out!!! I can still browse the DMZ IP, 10.x.x.17 without any problem; but nothing is reached from the outside world.

      I have checked the google, and also the tutorials, but either I'm too dumb to understand where the soluton lies or maybe it is a bit too cryptic to be notices.

      Would appreciate if someone could please point out if I have done something wrong and how to go about it.

      Thanks and regards

      S Kamal

      1 Reply Last reply Reply Quote 0
      • C Offline
        cmb
        last edited by

        See http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

        1 Reply Last reply Reply Quote 0
        • M Offline
          mrzaz
          last edited by

          Hello,

          You don't mention if you are trying to contact it from inside your NATed network. ?!
          (Basicly going from 192.168.x.x through NAT to you external WAN-IP.)

          Have you checked the setting "Disable NAT Reflection" in System / Advanced ?
          Is it ticked or not ?  (for reflection to work it should NOT be ticked in as far as I know)

          Here is some information about "NAT Reflection" that you use when doing the above.
          http://www.openbsd.org/faq/pf/rdr.html#reflect

          Also there may be a bug somewhere ?!

          Best regards
          Dan Lundqvist

          1 Reply Last reply Reply Quote 0
          • S Offline
            skamal
            last edited by

            Thanks to cmb and mrzaz for the response.

            Now that I have checked from an outside host, I seem to be able to browse the web server – which I couldn't from inside, which means redirection is working. Also, I didn't know that they could be handled in such a different way in PF -- apparently a lack of experience with that.

            But that solves the trouble for the time being. Thanks for the links to pf doc, I'm reading it at the moment.

            Thanks again.

            Regards

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.