Netgate Discussion Forum

    Problem with WAN in LAN

      oscar.omar.upt

      Hi, I have a problem with my LAN (172.11.90.0/24). The problem is as follows:
      I have a server, 172.11.90.10, with 1:1 NAT to a public WAN IP (e.g. 200.200.200.200). That server has cPanel installed, and in the rules I have all the ports exposed. From any external Internet network I can access it and everything works well. The problem is when internally (LAN) I want to connect, for example, to port 25, 465, 587, 110, 993, etc.: it does not answer and I always get a timeout. If I do a telnet it does not answer anything, and if I do a traceroute it does not jump. I do not know why that happens; that is, from the Internet to the server everything works, but internally in the same LAN it does not work and has no communication. Could you help me understand this, please?

        johnpoz LAYER 8 Global Moderator

        @oscar-omar-upt said in Problem with WAN in LAN:

        AN (172.11.90.0/24),

        That is not RFC 1918 space.. So your public 200 is easy to make out that you're trying to call it public.. But with that 172.11, did they just make it up - why? Would they not just make up something inside RFC 1918 space if they are worried about giving their real RFC 1918 IP for some crazy reason?

        If you're trying to access the public IP to get forwarded back in, then you need to make sure you set up NAT reflection... Which would be better to just access the local IP vs actually trying to do some NAT reflection BS..

        Do a host override so when you're local you resolve the FQDN to whatever the local IP is vs the public one.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          oscar.omar.upt

          You may not explain to me, the problem is this:

          I have a server with IP 10.0.0.3 and it has a NAT to the public IP 200.200.200.200. I do the NAT in pfSense and I add the ports that I want to listen on, and create a domain for the IP 200.200.200.200 called mail.mydomin.com.
          I have a server within the same network; the server has the IP 10.0.0.4, and from that server I need to send emails but they do not leave, since this server does not recognize the IP 200.200.200.200. When I ping or telnet, it does not answer anything. If I do it from a network (for example my laptop) it works perfectly.
          If I do the same tests locally, that is to say a ping or telnet to IP 10.0.0.3, it answers everything! The 10.0.0.0/24 network is my LAN and the IP 200.200.200.200 is a virtual IP of my public IP network segment.

          Thanks for the help.

            johnpoz LAYER 8 Global Moderator

            Again, use your local IP vs the public one on your WAN when you're local... So your email server is, say, smtp.domain.tld; on the public internet this resolves to 200.200.200.200, for example.

            So set up a host override locally so that smtp.domain.tld resolves to 10.0.0.4, the SMTP server's actual local IP.

              oscar.omar.upt

              I understand, and I have mitigated some problems like this by adding the IP 10.0.0.3 for the mail.domain.com domain in my hosts file. However, I have 10 VMs using the same service, and I have done the same in the 10 VMs. My question is: why does this happen? Why does pfSense have that behavior? If everything worked fine, I shouldn't have to do this; that is, there is a problem, because this is a temporary solution. If everything worked fine I would not have to make any changes to my servers to add that data.

              Thanks @johnpoz

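
Added example, not part of any post above and not pfSense code: a small Python model of the two points raised in the thread, using the addresses the posters gave (LAN 10.0.0.0/24, 1:1 NAT 200.200.200.200 to 10.0.0.3). It checks whether an address is inside RFC 1918, classifies the path a connection takes depending on what the name resolved to, and derives the host overrides that keep LAN clients on the direct path. The function names and the dictionary layout are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges listed explicitly (ipaddress.is_private covers more than these).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Values taken from the thread; the data layout is constructed for this example.
LAN = "10.0.0.0/24"
ONE_TO_ONE = {"200.200.200.200": "10.0.0.3"}        # external IP -> internal server
PUBLIC_DNS = {"mail.mydomin.com": "200.200.200.200"}


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def lan_path(client, resolved, lan=LAN, one_to_one=ONE_TO_ONE):
    """Classify how `client` reaches the address a name resolved to."""
    net = ipaddress.ip_network(lan)
    if ipaddress.ip_address(client) not in net:
        return "external"          # arrives on WAN, where the 1:1 NAT applies
    if ipaddress.ip_address(resolved) in net:
        return "direct"            # same subnet, the firewall is not in the path
    if resolved in one_to_one:
        return "needs-reflection"  # LAN client aimed at the firewall's own NAT address
    return "routed"                # ordinary outbound traffic


def overrides_needed(public_dns=PUBLIC_DNS, lan=LAN, one_to_one=ONE_TO_ONE):
    """Return {fqdn: internal_ip} for names whose public IP maps to a LAN server."""
    net = ipaddress.ip_network(lan)
    out = {}
    for fqdn, ip in public_dns.items():
        internal = one_to_one.get(ip)
        if internal and ipaddress.ip_address(internal) in net:
            out[fqdn] = internal
    return out


if __name__ == "__main__":
    print("172.11.90.10 in RFC 1918:", is_rfc1918("172.11.90.10"))
    print("10.0.0.4 -> 200.200.200.200:", lan_path("10.0.0.4", "200.200.200.200"))
    print("10.0.0.4 -> 10.0.0.3:", lan_path("10.0.0.4", "10.0.0.3"))
    print("host overrides:", overrides_needed())
```

A single host override on the DNS server that all LAN clients use gives every VM the internal answer, so no per-machine hosts file entry is required.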
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.