Virtual IPs can't access internal network
-
Hi,
I've just installed my second pfSense firewall and configured virtual IPs with NAT 1:1, and the problem is that I can't access my servers from the inside, but from the outside or connected with a PPTP VPN there are no problems with connecting or accessing.
So this is my setup:
10.10.10.1 <-- this one is used for my pfSense server and the internal network
10.10.10.2 <-- Virtual IP 1
10.10.10.3 <-- Virtual IP 2
NAT 1:1
WAN 10.10.10.2 192.168.10.20 * Webserver1
WAN 10.10.10.3 192.168.10.21 * Webserver2
Every public server has rules and everything connected to the pfSense (10.10.10.1) has NAT port forward.
The rules look like this:
TCP/UDP * * 192.168.10.21 80 (HTTP) * none HTTP on Stackmember1
And the NAT looks like this:
WAN TCP/UDP * * WAN address 4050 192.168.10.3 4050 VOIP1
I can't access domains or external IP addresses behind the pfSense; I can access them locally though, like 192.168.10.21 gives me the webserver2's login page.
Thanks in advance
-
http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F
-
@cmb:
http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F
Left the office and went home. When I logged into the webserver#1 I could access my domains from remote desktop. Don't know if it's just because I was on the webserver or if it is working on my workstations too; I'll have to check tomorrow.
-
Well, something is wrong: when I try to access the webserver#1 (external IP) from the internal network, I get redirected to :8080, and if I try to access my backup server (external IP) from the internal network I get prompted to type in username and password for the backup device, as it should do.
The weird thing is that both servers have a webserver on port 80, but the Webserver#1 also has other stuff like Bind, FTP and so on.
So I was thinking, the only difference between the servers is that the backup server (NAS) doesn't have a DNS but the webserver has a primary DNS server assigned. (192.168.10.1)
Any help is appreciated
-
I should also mention, for the virtual IP part I followed a YouTube video where they said that you should only use rules and not the NAT port forward part. Is this correct?
Best regards
-
Update:
I've removed all the rules and added them back as NAT port forwarding, now I can access sub-domains and check my mail from the inside, but I still can't browse the main domain.
www.mydomain.com redirects to www.mydomain.com:8080
And again, when using VIP, is it safe to add NAT port forwarding instead of just rules?
Thanks
-
You have to have both a port forward and a rule.