Local port not working

Jamerson

Hi Guys,
Today we have moved to Pfsense hardware, however the local webserver is only reachable from the outside when using the FQDN,
internal its not working.
when we use webserver.domain.com internal it does not work, on a 4G network it doe works.
when we use the internal IP of the web server it works.

Firewall rules are set fine because external it does works.
when we tracer route using the external name it drops when it's reach the Pfsense firewall and comes back up with request time out .
internal it finish the trace fine.
can you please advise what wrong ?

doktornotor

Yeah, your internal DNS is wrong.

KOM

https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

Jamerson

it was a issue with DNS which is fixed now,
DNS is replicating fine, however i still can't access the webserver.
when i ping webserver.domain.com it reply with the correct adres which is the external IP.
when i use the external IP on the browser it does not works, but externally it does.
isnt it Pfsense routing issue now ?

can you please advies ?

doktornotor

@Jamerson:

when i ping webserver.domain.com it reply with the correct adres which is the external IP.

No, that is NOT the correct address for pings from your LAN. Way to miss the point, altogether.

Jamerson

@doktornotor:

@Jamerson:

when i ping webserver.domain.com it reply with the correct adres which is the external IP.

No, that is NOT the correct address for pings from your LAN. Way to miss the point, altogether.

the webserver Always connected using the external IP adres.
internal IP works fine, external does not reply.
isnt this a NAT reflection issue ?
thank you

doktornotor

You are supposed to use the local IP when connecting from LAN, and the external IP when connecting from WAN.

As for NAT reflection, there are enough threads here discussing that piece of nonsense, not getting into this debate yet again.

Jamerson

@doktornotor:

You are supposed to use the local IP when connecting from LAN, and the external IP when connecting from WAN.

As for NAT reflection, there are enough threads here discussing that piece of nonsense, not getting into this debate yet again.

thank you for your answer this has been working for over 4 years, untill we deciede to move to hardware.
the external DNS is created to forward to the right IP as following.

External DNS records : webserver.domain.com >>>>>> Our External IP >>>> so our users listen connect using the external IP.
External DNS Records : webmail.domain.com >>>>>>> Our external IP >>>> Outlook connects using the external IP with autodiscover.

the old situation was the ISP router forwrard the 443/80 to the Virtual PFSENSE,  Virtual PFSESE forward the 443/80 to the internal LAN.

doktornotor

Perhaps you could finally read https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

KOM

You were either using NAT reflection, or you had your internal DNS handing out LAN IPs (known as split DNS).

Jamerson

@KOM:

You were either using NAT reflection, or you had your internal DNS handing out LAN IPs (known as split DNS).

thank you for your answer,
i managed to get this fixed using a internal split brain DNS.
much appreciate it your support.