NAT Reflection, if I can't use Split DNS?
-
Hey,
my setup:
Pfsense with a LAN Interface (192.168.1.0/24) and two VLANs (VLAN 100: 10.0.0.1/24 and VLAN 200: 10.0.0.2/24).
Mailserver has a LAN IP 192.168.1.100.All LAN Clients can of course enter that Mailserver via its local IP (through Split DNS).
External via its public address.I blocked all traffic between both VLANs and the normal 192.168.1.0 LAN.
How can Clients form VLAN connect to that Mailserver?
I enabled in that 1:1 entry, NAT Reflection, but it doesn't work.For sure I made a stupid mistake but I can't see the wood for the trees ;-)
Thanks
-
Why don't you provide the internal DNS to the VLANs?
Off course you need firewall rules to allow access to DNS and the Mailserver.
-
"How can Clients form VLAN connect to that Mailserver?"
Why would you not let your other vlans talk to your mailserver via its local IP.. Set you rules to allow the traffic you want.. Is just plain stupid to not allow that traffic if your going to allow the traffic from the internet anyway.
-
"How can Clients form VLAN connect to that Mailserver?"
Why would you not let your other vlans talk to your mailserver via its local IP.. Set you rules to allow the traffic you want.. Is just plain stupid to not allow that traffic if your going to allow the traffic from the internet anyway.
Well ok, I can allow traffic between Mailserver and VLANs.
It was more a principle thing..can it work…how is itThis was my first attempt with NAT Reflection, I just wanted to try it ;)
-
… two VLANs (VLAN 100: 10.0.0.1/24 and VLAN 200: 10.0.0.2/24).
Is this what is actually configured? Or is it a typo?
-
As to nat reflection trying it? Why? Its pointless, and to be honest an abomination to good networking.. Pfsense should just drop the support all together like they did with the ftp proxy/helper ;)