1:1 NAT and Loopback/Reflection?
-
We use 1:1 NAT for all our public IPs, which are configured as CARP IPs since we have an HA pair of pfSense 2.2.2 devices. Even though NAT reflection is enabled, no internal machines can hit our external FQDN without getting the pfSense admin login page. (I enabled it for WAN access.)
To date, we've simply used internal DNS trickery to work around it, but it's at the point now where it's such a PITA that I'd like to fix it so it just works, without DNS hacks and hosts files.
Is it possible, or is it just a limitation of the way we have pfSense configured?
-
DNS is the proper way to do it. Playing ping-pong with packets is not.
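What the split-DNS approach looks like in practice, as an added example that is not from the thread or from pfSense itself: a host override for the DNS Resolver (Unbound, which pfSense 2.2.x uses), answering the public FQDN with the internal address so LAN clients never hairpin through the WAN CARP address. The names and addresses are placeholders.

```conf
# Added example: split-horizon override for the internal resolver.
# Assumptions (placeholders): public name app.example.com, whose 1:1 NAT
# CARP address on the WAN is 203.0.113.10, and whose real server on the
# LAN is 10.0.0.10. In the pfSense GUI this is
# Services > DNS Resolver > Host Overrides; the generated Unbound config
# is equivalent to the lines below.
server:
    # Keep resolving everything else in the zone normally (transparent);
    # only the names listed in local-data get the internal answer.
    local-zone: "example.com." transparent

    # Internal clients get the LAN address instead of the WAN CARP IP.
    local-data: "app.example.com. IN A 10.0.0.10"

    # Reverse lookup so logs and tools show the same name from inside.
    local-data-ptr: "10.0.0.10 app.example.com"

    # Not strictly required, but stops Unbound from discarding the
    # private (RFC 1918) answer as a rebinding attempt for this zone.
    private-domain: "example.com"
```

Check it from a LAN host with `dig app.example.com @<LAN address of pfSense>`: the answer should be 10.0.0.10, while the same query from outside still returns the WAN address 203.0.113.10, so only internal traffic changes path.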
-
Ugh, make me manage a split DNS system instead of being lazy cuz it already worked!! Makes sense if you are moving a lot of data, but for small stuff, meh.