Access NAT'd URL from inside network
-
I have a feeling this is not going to work but here it goes anyways. I have a webserver inside my network. I have a NAT setup to forward the service on a certain port to that server. I need to be able to make changes to that server from inside the lan and test it inside the lan. The reason for this is because I usually work on it while Im at home.
Does anyone have any idea on how I can manage it from the URL instead of the local ip? I would really like to hear if anyone has any options for this.
Thank you in advance.
-
If you are on pfSense 2 or later, the easiest way would be either enabling NAT reflection for just that rule or enabling it globally for all rules at System: Advanced: Firewall/NAT. On earlier versions, there is only the global option at System: Advanced. Unless you are sure you will want it enabled for all rules, I'd recommend only enabling it for the rules you know you want it on (if using a version where that is possible).
-
I tried that and I did not see the change. I am unable to access my web url from inside the network. Weird deal. Do I need to restart the firewall or anything like that?
-
Reboot did not work either. Ill keep on trying different things
-
Can you post logs???
Try it on pfsense 1.2.3 See if it changes behavior.
-
So, after about an hour of not changing anything, it started working perfectly. I dont know exactly why, but I am happy.
Thanks for the ideas and help
-
So, after about an hour of not changing anything, it started working perfectly. I dont know exactly why, but I am happy.
Thanks for the ideas and help
That probably means that a previous state existed which related to one of the NAT rules, which eventually timed out and things started working.
-Andreas
-
Seems your nat reflection is working now. But vs hitting your pfsense box and then just get reflected back in. It simpler if you ask me to just setup your local dns to resolve your fqdn you trying to hit to the local IP.
example http://www.publicdomain.com resolves to 1.2.3.4 on the public internet, and 1.2.3.4 is your wan interface IP.
Just setup your local dns or even just a host file on your client to resolve www.publicdomain.com to your private address for example 192.168.1.37 (whatever private IP your server is on)
-
Either way might get complicated. I personally prefer NAT reflection over split horizon DNS, as johnpoz suggested.