[Solved] Can't build connection (forwarded ports on my WAN IP from my LAN)
-
Hi guys, I have a server with 200.200.200.1 and the NAT IP is 192.168.1.17; this server serves as SMTP.
It is working fine, but something confused me.
I can telnet [200.200.200.1] [25] from outside; from 192.168.1.17 it fails, but ping still succeeds.
It is strange; why can't I telnet [200.200.200.1] [25] from myself? I set NAT > Port Forward as below.
I set 200.200.200.1 as a virtual IP whose type is IP Alias.
I set 200.200.200.1 as NAT outbound with source 192.168.1.17.
The firewall only has one WAN interface with 200.200.200.2 and one LAN interface with 192.168.1.23.
The SMTP server's default gateway is 192.168.1.23.
Interface : WAN
Protocol : TCP
Src addr : any
Src ports : any
Dest addr : 200.200.200.1
Dest ports : 25 (SMTP)
NAT IP : 192.168.1.17
NAT Ports: 25
Filter rule association : PASS
-
Sounds like you need to enable NAT reflection.
-
Thanks, how do I enable NAT reflection? :)
-
http://lmgtfy.com/?q=pfsense+nat+reflection
First result.
-
Thanks, I got it.
Maybe split DNS is a better way :)
-
Generally, yeah, it's best to not loop traffic through the firewall where it's not strictly necessary to do so.