NAT reflection not working at all
-
Hi,
I have some resources inside my network that have to be reachable via the public IP. For instance, I have a webserver that is reachable via http://publicip:8889, and is NAT-translated to 192.168.1.7:80.
I know this could be done via NAT translation, but for some reason it does not work at all. I tried setting up NAT translation (with or without proxy), tried creating manual outbound rules, etc., but requests to the public address are not reflected to the local resource.
I know for sure that in the past I had this working (but I rebuilt the config). Is there any way I can troubleshoot this? I don't think I have to do any other step than enabling NAT reflection (or + proxy in some rare cases).
I know this is not the best solution, and the best solution is split DNS according to many people, but split DNS is not possible in my case, since some users use public DNS servers and may experience DNS cache issues, and the ports need to be translated (8889->80).
Maybe there is another solution I can try without DNS? Thanks
-
None of the NAT Reflection modes work for you?
-
@KOM:
None of the NAT Reflection modes work for you?
Hi,
No, both of the NAT reflection modes do not work. I can ping my public IP, but when I try to access a resource, it just times out.
-
Then you're kind of stuck. Split DNS is the way to do it. If you have users who use external DNS, you can forward that traffic to your DNS server and they won't know any different. You are the boss of your network. Make them follow your rules, not the other way around. Set up split DNS for your external hosts so that they resolve to internal IP addresses, and then forward all port 53 traffic to your DNS servers. Done.
-
I was able to solve the issue. I had "Block private networks" turned on. I did not expect it would also block my own private network :).
-
And this is exactly why people should post screenshots of their FW/NAT/etc. rules…