Netgate Discussion Forum

    NAT Reflection 2.3.1 Issue

      maxx8888

      Hi,

      I was using NAT Reflection prior to 2.3 normally. I need it for some special Services like Mailserver.
      SplitDNS just makes it complicated for me, since every Service needs its own DNS Entry.

      My ISP is drei.at, an LTE Internet Connection via LTE Modem.
      It seems like NAT Reflection is not reflecting on the pfSense back to the Server.
      Instead pfSense seems to forward the Traffic to the LTE Modem.

      If e.g. I'm adding a Service on port 80 to an internal Server and enabling NAT Reflection, I'm connecting to the Web Interface of the Modem instead of to the internal Server.

      LTE Modem Config:
      Opt1 Interface, Static IP 192.168.0.254  -> LTE Modem 192.168.0.1

      Gateway:
      Default Gateway set to Opt1, Gateway IP 192.168.0.1

      NAT Rule:
      Interface: Opt1
      Protocol: TCP
      Source: Any
      Destination: Opt1 Address
      Destination Port: 80
      Redirect Target: 192.168.123.28
      Target Port: 80

      NAT Reflection: Pure or NAT+Proxy -> same Issue

      Enable NAT Reflection for 1:1 NAT: checked
      Enable automatic outbound NAT for Reflection: checked

      I just cannot figure out what I've configured wrong.

      Thanks a lot for helping,
      Maxx

        NOYB

        Don't overlook the relevant settings on the System / Advanced / Admin Access page.

        Also, when using port 80 if it is getting redirected to https then you are probably experiencing HSTS and probably need to clear browser cache/cookies.  pfSense 2.3 uses a 1 year HSTS cookie.

        Have a look at these.

        Re: [SOLVED] NAT Reflection Troubles
        https://forum.pfsense.org/index.php?topic=98764.msg550431#msg550431
        https://forum.pfsense.org/index.php?topic=98764.msg613696#msg613696

        NAT Reflection Config Outline
        https://forum.pfsense.org/index.php?topic=98764.msg550414#msg550414

          maxx8888

          I don't think it is related to port 80 Issues on pfSense.

          I have this Reflection Issue on all Ports.

          If I enable Reflection on port 22 to internal Server 192.168.123.2 (LAN-Port), it is still forwarding this request to 192.168.0.1 (OPT1) to Modem. Modem is then answering instead of the Internal Server.

          Is it possible that this happens because DMZ is enabled on Modem?
          So, the Internet IP-Address is basically assigned to Modem, and Modem LAN side has 192.168.0.1. OPT1 Interface on pfSense is then 192.168.0.254.

          I'm using DMZ, because Modem has really just basic functionality.

          So, then this would mean that my home FQDN is resolving to the Internet IP-Address, which is basically the Modem. Basically, pfSense needs to know to reflect traffic locally, and not forward it to Modem.

          Is this doable?

            NOYB

            Is it possible to config the modem in a bridge mode so pfSense picks up the public IP address instead of the modem?

              maxx8888

              Unfortunately not. The Modem is a ZTE MF283.
              Reallllly just basic Function :).

                cmb

                The upstream device doing the NAT has to do the reflection in that case.

                  maxx8888

                  Really?

                  So, all Setups where Provider Modems are used are not working with NAT-Reflection.
                  Strange, that there are not more Users having the same Issue. :-/.

                  Thanks for clarification!

                    cmb

                    NAT reflection only reflects traffic matching the configured port forward. Where there is an upstream NAT device, traffic to your real public IP doesn't meet that qualification. That's true of everything that has NAT reflection.

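The matching rule described in the last reply, as an added example that is not part of the original thread: a simplified Python model of what happens to a LAN client's TCP connection, using the addresses from the posts. The public address 203.0.113.10, the /24 masks and all function and class names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class PortForward:
    dest_ip: str      # address the forward (and its reflection rule) matches on
    dest_port: int
    target_ip: str
    target_port: int


# Values taken from the thread.
OPT1_ADDR = "192.168.0.254"   # pfSense OPT1 interface address
MODEM_LAN = "192.168.0.1"     # LTE modem, also the default gateway
FORWARD = PortForward(OPT1_ADDR, 80, "192.168.123.28", 80)

# Assumptions, not from the thread.
PUBLIC_IP = "203.0.113.10"    # constructed placeholder for the modem's public IP
CONNECTED = [ipaddress.ip_network("192.168.0.0/24"),     # OPT1, /24 assumed
             ipaddress.ip_network("192.168.123.0/24")]   # LAN, /24 assumed


def reflect_or_route(dst_ip, dst_port, forwards=(FORWARD,)):
    """Return (action, where) for a connection opened by a LAN client."""
    # Reflection only fires when the packet matches a configured forward.
    for fw in forwards:
        if dst_ip == fw.dest_ip and dst_port == fw.dest_port:
            return ("reflected", f"{fw.target_ip}:{fw.target_port}")
    # No match: ordinary routing. Directly connected networks are local,
    # everything else leaves through the default gateway (the modem).
    addr = ipaddress.ip_address(dst_ip)
    if any(addr in net for net in CONNECTED):
        return ("delivered-direct", dst_ip)
    return ("sent-to-gateway", MODEM_LAN)


if __name__ == "__main__":
    cases = [(PUBLIC_IP, 80), (OPT1_ADDR, 80), (PUBLIC_IP, 22)]
    for ip, port in cases:
        print(f"{ip}:{port} ->", reflect_or_route(ip, port))
```

The home FQDN resolves to the public address, which only the modem holds, so that connection never matches the forward on the Opt1 address and is handed to 192.168.0.1, where the modem answers it itself.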