Can´t access wan to lan

naksu

Hi,

i have little problem with my new setup, any idea how to get that work right?

My setup is:

Cablemodem: i get a public ip 82.xxx.xxx.xxx
Pfsense wan get that ip 82.xxx.xxx.xxxx
Pfsense lan 192.168.0.1/24

i have ubuntu server located lan ip 192.168.0.200 (port 22, 80, 443, 55000-57000 need to access outside with using public ip 82.xxx.xxx.xxx.

i tried several different options but despite this i can't access that server from the public network. What i need to that i can access outside to my lan network server?

Here is screen capture from firewall/nat page.

settingsfromfirewalloptions

Thanks for help! :)

viragomann

@naksu
In a NAT rule the destination has to be that address the client is accessing to. Since the outside client is accessing your WAN address you have to set it to "WAN address".

naksu

@viragomann

Hi again!

Thanks for help, i made some setup now, i don't know if i did it right now.

newsetup

i get same error msg from firewall than before i change that settings

Firewall: The rule that triggered this action is:
@5(1000103483) block drop in log inet all label "Default deny rule IPv4"

and if i connect device same network with wlan exsample and try to connect wan ip, it opening me pfsense login page.. not 192.168.0.200 located webserver.

Rico

https://docs.netgate.com/pfsense/en/latest/troubleshooting/nat.html

-Rico

viragomann

@naksu
Nobody will be able to access your internal IPs from the outside. Private addresses are not routed in the internet.
So this can't be the destination the client tries to access.

As you wrote above

@naksu said in Can´t access wan to lan:

need to access outside with using public ip 82.xxx.xxx.xxx.

...

naksu

@rico

Thanks :) i think i get it working now

workingwiththis

what do you think this looks like? :)

Do i need to make new nat rule if i want access my laptop (lan ip 192.168.0.xxx) to wan ip which will redict it to .200. I mean if open web browser and put ip 82.xx.xxx.xxx it doenst do anything.

Outside it working now i i put my laptop to other network.

viragomann

@naksu said in Can´t access wan to lan:

what do you think this looks like? :)

Not clear if you really need to open 55000-57000. That's a quite wide range, but you may know, what you're doing here.

@naksu said in Can´t access wan to lan:

Do i need to make new nat rule if i want access my laptop (lan ip 192.168.0.xxx) to wan ip which will redict it to .200.

Just using the internal IP from LAN is not an option for you?
If you access to destination from the internet by using a hostname you can add a host override to your internal DNS.

Otherwise you can try to go with NAT reflection. You can enable it in the NAT rules or globally in System > Advanced.

naksu

@viragomann said in Can´t access wan to lan:

@naksu said in Can´t access wan to lan:

what do you think this looks like? :)

Not clear if you really need to open 55000-57000. That's a quite wide range, but you may know, what you're doing here.

probably need to shrink the area

@naksu said in Can´t access wan to lan:

Do i need to make new nat rule if i want access my laptop (lan ip 192.168.0.xxx) to wan ip which will redict it to .200.

Just using the internal IP from LAN is not an option for you?

yes it's on, but I'd like to use a domain name

If you access to destination from the internet by using a hostname you can add a host override to your internal DNS.

Otherwise you can try to go with NAT reflection. You can enable it in the NAT rules or globally in System > Advanced.

Thanks for help, i will try that :)