LAN cannot access local server
-
When NAT reflection is enabled I cannot access the internet at all.
-
I very very much doubt that…
NAT reflection does nothing else than rewrite packets with as destination your WAN ip to your server...Are you sure you didnt enable Advanced outbound NAT?
-
Automatic NAT rules is definitely selected. Just tried again now and am no longer able to access websites with NAT reflection on, and the only clue I can see is this line in the system log:
php: : Not installing nat reflection rules for a port range > 500 -
Then you are trying to forward a range bigger than 500.
Read the description of NAT reflection:
Disables the automatic creation of NAT redirect rules for access to your public IP addresses from within your internal networks. Note: Reflection only works on port forward type items and does not work for large ranges > 500 ports.
Do you really need more than 500 ports forwarded?
Afaik if you try to split a range bigger than 500 up into multiple forwards of each 500 you will run into a hardlimit of 1000 ports that can be reflectect at once.
-
I had one port range forwarded (around 1000 ports for FTP) but even with that removed, general internet access is not possible with NAT reflection enabled. (But it does not spit out the message from before in the logs… looks pretty normal in there really).
-
Did you remove your firewall rule that allows access to the internet?
If you loose general internet access you missconfigured something.Can you show screenshots of your rules?
(NAT, Firewall, AoN) -
Sorry, been crazy busy ;D
Appreciate the help! -
Interesting new result!
When I turn reflection on I can now access my website! Hurray!
But I cannot access any external sites, it bounces them back to my own website. Sounds like port 80 isn't being handled correctly.
Looking at the config, is anything amiss? Do you need more examples?
Cheers,
Leon -
You have in your fowardings as external Address: "any"
Set that to your WAN IP. -
And if my WAN IP is dynamic.. I have to manually update it everytime?
-
No.
Because you dont select an IP but an interface. -
Thanks for the help, it is still not working but I think I know what I have to do!
Cheers,
Leon