Netgate Discussion Forum

    How do I get pfSense to NAT an outband FW address that points to a LAN server?

      mikesm

      Ok, here's the situation: I run an Exchange server at home. It sits on the internal LAN, and pfSense registers the firewall's WAN address in a dyndns name. pfSense maps inbound port 443 going to the WAN interface to the server's LAN address. This is done so my phone and my wife's phones can connect to the Exchange server at home from the cell network and push email to the handsets.

      So my wife gets an iPhone. The iPhone supports Exchange for push, so it's configured to connect to the dyndns name and the SSL port and everything works fine. Until I configure her phone to access the internet through the home wifi network, which is bridged to the local LAN with the Exchange server.

      Her iPhone connects to the wifi network, and then tries to do a port 443 HTTPS connect to the dyndns name of the server, which points to pfSense's WAN IP address. This doesn't work. So basically her email doesn't work when she's in the house. :(

      How can I fix this? What I want is for a LAN node that tries to connect to pfSense's WAN IP address on port 443 to be NAT'd to the IP address of the Exchange server that also sits on the LAN.

      For the life of me, I can't figure out how to do this.  Can someone here help me?

      Thanks much!

      Mike

        GruensFroeschli

        Did everyone just stop reading the faq or what?
        (This is like the 4th time this week this exact question has been asked…)
        http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          Reda

          I enabled NAT Reflection on my machine.
          It works as expected for ports 80 and 443 but it doesn't work for 21.
          I disabled the userland FTP-Proxy application on all interfaces.
          Do you have any idea on what could be the problem?

            GruensFroeschli

            NAT reflection does not work with FTP.
            Use Split DNS instead.

              Reda

              I'm using a Windows machine for DNS serving and unfortunately it doesn't support Split DNS.

              Why doesn't DNS reflection work for port 21?
              Is there a workaround?

              Thanks

                GruensFroeschli

                DNS reflection? Do you mean NAT reflection?
                Can you accept that it just doesn't work?
                Otherwise please start using the search function http://forum.pfsense.org/index.php?action=search and find out yourself.

                The proper way is to set up Split DNS.
                Why don't you configure all your clients to use the pfSense as DNS server and configure the Windows DNS server as DNS server for the pfSense?
                Like this you can configure split DNS on the pfSense but still your windows machine resolves stuff for the pfSense.

                  Reda

                  Yes, I mean NAT reflection.

                  I'm already using pfSense DNS for external (VPN) users which get a different resolution for the servers.

                  I just want to understand why it works for all ports but 21. Simple curiosity.

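Added example, not part of any post in this thread: port 21 differs from 80 and 443 in that FTP negotiates a second, separate data connection inside the control channel (RFC 959), so a rule that only redirects port 21 does not cover it. The sketch parses a passive-mode reply and checks the announced endpoint against a redirect rule set; this is a general FTP property, not a statement about pfSense internals. The addresses, the rule lists and the reply line are constructed.

```python
import ipaddress
import re

# RFC 959 passive-mode reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (ip, port) the server announces for the data connection."""
    m = PASV_RE.match(reply.strip())
    if m is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address("%d.%d.%d.%d" % tuple(nums[:4]))
    # The port is sent as two bytes, high byte first.
    return ip, nums[4] * 256 + nums[5]


def data_endpoint_covered(reply, rules):
    """True if the announced data endpoint matches a redirect rule.

    rules: list of (ip, low_port, high_port) tuples (hypothetical format).
    """
    ip, port = parse_pasv(reply)
    return any(
        ip == ipaddress.IPv4Address(rule_ip) and low <= port <= high
        for rule_ip, low, high in rules
    )


# Constructed sample: the server answers PASV with the WAN address, port 50000.
SAMPLE_REPLY = "227 Entering Passive Mode (203,0,113,5,195,80)"
# Constructed rule sets: control port only, then with a passive port range.
ONLY_PORT_21 = [("203.0.113.5", 21, 21)]
WITH_PASSIVE_RANGE = ONLY_PORT_21 + [("203.0.113.5", 50000, 50010)]

if __name__ == "__main__":
    print("data endpoint:", parse_pasv(SAMPLE_REPLY))
    print("covered by port-21 rule only:",
          data_endpoint_covered(SAMPLE_REPLY, ONLY_PORT_21))
    print("covered with passive range:",
          data_endpoint_covered(SAMPLE_REPLY, WITH_PASSIVE_RANGE))
```

With split DNS, as recommended in the thread, LAN clients resolve the name to the server's LAN address and no redirect is involved for either connection.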
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.