PfSense 2.1 NAT Reflection
-
Hello everyone - I am new to the forum, although I have been a happy pfSense 1.2.3 user for several years.
I recently decided to move to 2.1, and for better or worse I decided to do a complete reinstall rather than just upgrading. I wanted to re-enter the configuration and rules from scratch - this may have been a big mistake.
Simply put, I cannot seem to get NAT Reflection to work for the life of me. It all worked fine in 1.2.3, but even after carefully inspecting my old 1.2.3 backup XML file I cannot see what I am doing wrong. There seem to be some subtle differences in how the two versions handle reflection.
So, here is my environment:
I have three interfaces - WAN, LAN, and DMZ. There are several servers in the DMZ that act as web or email servers.
I configured each of my WAN static IPs (which are defined as Virtual IPs) with 1:1 NAT. I made sure reflection was turned on in the settings, and I made sure the 1:1 NAT configuration had reflection enabled.
The 1:1 seems to work fine from the WAN. I can access the servers as expected, either from their WAN IP or their respective DNS URLs. However, I cannot see my servers from the LAN, whether I use the WAN IP, DNS name, or the DMZ IP address. This is a classic use case for NAT reflection, as far as I can tell, but it is not working for me.
Attached are some relevant screenshots. I experimented with adding port-forward rules (the last two shown in the Port Forward list), but they do nothing useful. The last LAN rule is the auto-generated NAT rule.
Does anyone have any ideas? I imagine it is some simple thing - most everyone is getting NAT Reflection to work in 2.1.
Any help would be appreciated.
-
Same problem for me! Did you find a solution???
Thanks…
-
And your FW rules permit the traffic??
-
> And your FW rules permit the traffic??
Yes, in my case I have nearly the exact configuration described by the original poster and, of course, the rules to permit traffic.
Only NAT reflection doesn't work!
-
I have exactly the same problem. :-[
I have several servers set up on my LAN interface with 1:1 mapping (using Virtual IPs on the WAN side).
I was using 2.0.1 and NAT reflection worked fine.
I did an in-place upgrade to 2.1, and now I can't get NAT reflection to work at all.
Help, please.
-
I solved this (at least for myself, I hope this helps others on the thread). :D
I had to add a firewall rule to explicitly allow traffic from LAN1 to LAN1 - once that rule was in place traffic for NAT reflection worked again.
This rule was not required in my 2.0.1 configuration, and I thought the NAT reflection settings under System => Advanced would take care of this.
-
Thank you, davidpurdue!! I've been trying to solve this for a while now. It must have to do with the NAT+Proxy reflection mode.
-
Thanks davidpurdue!
On 2.1.5 I was unable to make NAT reflection work until I made this explicit allow rule for LAN-to-LAN. I already had an allow for LAN-to-ANY so this never crossed my mind.