Accessing forwarded ports via Dynamic DNS from internal IP's
-
Hi
I have tried
https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks
With no success :(
I am stuck trying to figure out why an internal client cannot access xyx.dyndns.org:1234 yet an external client can happily access it.
All attempts to figure this out have resulted in no progress whatsoever so I am turning to the community in the hope that someone will take pity!
What am I missing here? -
Split DNS. Add a host override (if using pfSense for DNS) that resolves xyz.dyndns.org to the LAN IP of the forwarded server. If using some other DNS, configure it to resolve that host to your LAN IP. Avoid NAT Reflection if you can.
-
thanks for the assist :)
I have just retried this to no effect….One thing I do notice is that if I try to traceroute to xyz.dyndns.org the trace fails unless I use ICMP...Is this a symptom or a part of the disease? -
Perhaps you could tell us what you are doing… E.g., if you are forwarding xyx.dyndns.org:1234 to a webserver like 10.20.30.40:80 then you access it via http://xyx.dyndns.org from local net with the override in place. Not via http://xyx.dyndns.org:1234
-
I have a server running on xyz.dyndns.org:123
I also have a server running on xyz.dyndns.org:456
The resources are available from outside my network without issue.
Internal clients are unable to access the resources
I have tried the split-dns suggestion from above and also the pure-nat suggested in the article I linked to in the first post.I am confused by the fact that traceroute from the pfsense box will only resolve xyz.dyndns.org if ICMP is checked.
Any advice is very much welcomed..I am a bit stuck!Thanks
-
Sigh. Kindly post the NAT rules since apparently you did not read what I posted above.
-
Split DNS is the way to go. What are you using for a DNS server? What did you do to it? What do you get on your client when you do an nslookup on your dynamic domain?
