Access internal server from behind firewall with public address
-
I'm running pfSense on a dedicated device with a WAN port and 3 LAN ports. Each LAN port is its own subnet. One is labeled "LAB" - essentially all hardwired equipment, one is labeled "LAN" and is all general purpose (family) and wireless devices throughout the house, and finally one that is labeled "PUBLIC", on which I have a server hosting a web server.
My web server is accessible from the internet with the proper rules and NAT Port Forwarding.
I have verified this by connecting my laptop to my cell's hotspot and connecting through cellular. I can also connect my laptop to my WiFi network (so behind the pfSense Firewall), which is the "LAN" subnet, and access the web server using its public DNS address, which is on the "PUBLIC" subnet.
But via my desktop, which is hardwired to the "LAB" network, I cannot access the web server via its public DNS or via the public IP address. The connection times out.
So:
- Internet to Web Server - Works
- LAN Subnet to WAN to PUBLIC via public DNS address - Works
- LAB Subnet to WAN to PUBLIC via public DNS address - Fails
- LAB Subnet to WAN to PUBLIC via private IP/DNS address - Works
It seems to me one of my settings or rules is blocking (or not allowing) this to work but I can't figure out what rules are different between LAB and LAN.
Any help so I stop pulling out my hair is appreciated.
-
https://docs.netgate.com/pfsense/en/latest/nat/reflection.html
-Rico
-
@rico Thank you for the quick response. Exactly what I needed. Split DNS is so obvious an option now that I read it...should have been an easier fix. Thank you for the spark I needed.
-
Glad to point you in the right direction. :-)
-Rico