NAT from LAN-host to LAN-host



  • Hi,

    I've got a problem to access some of my services at home through my domain name. Everything works from the internet but not from my LAN. I recently reinstalled my server and have now set up a virtual server that now runs some of my services that ran on the physical machine before. But since some of my services such as homeautomation goes through hardware I'm now facing the problem that I can't access all my services using the same domain-name in all situations.

    For example:
    I have a working NAT from internet to my homeautomation-service on my physical machine: me.domain.net > 192.168.1.100
    and
    I have a working NAT from internet to my wordpressblog on my virtual machine: me.domain.net > 192.168.1.101

    when I come home and my smartphone connects to my wifi getting an LAN ip only the homeautomation works because I have added the host me.domain.net > 192.168.1.100 in my DNS resolver, the phone thinks that the wordpressblog exists on the physical 192.168.1.100 if I'm guessing right?

    To solve this I have tried setting up different nat-rules and also tried NAT reflection without success, guessing that the rules don't apply since the connection doesnt come through the WAN interface?

    I have not set up any rules in the NAT 1:1 section yet
    I also dont know if split DNS is applicable in my situation, is it?

    Can this be fixed in some easy way?

    I just installed pfSense a month ago and I think it's really great fun so far! I'm not that experienced with firewalls, I'm just trying to learn so I'm pretty new to these deeper networkingproblems though, I might be over my limit here :(

    I'd be really glad if someon could help me with this, I bet it's supereasy for everyone here :)

    //the newbie





  • I have read that and edited my nat-rules with the "Pure NAT" setting.. I alos read the instructions one more time and foud out that the settings were to be applied under system advanced so I tried that also but it didn't work.. Like the text below

    "In order to do this, navigate to System > Advanced, Firewall/NAT tab. On that page, select Pure NAT for NAT Reflection mode for port forwards, check Enable NAT Reflection for 1:1 NAT, and check Enable automatic outbound NAT for Reflection. Click Save."

    Do I have to add new 1:1 NAT rules for this to work? Because I have only made rules in the "Port Forward"-section so far



  • It all started to work once I removed my host override for my domain-name!



  • You might find that Split DNS is a much better and elegant solution.  Add a domain override to your DNS Forwarder/Resolver (whichever one you use) that points your FQDN to the LAN IP address.  NAT Reflection is a hack that is best avoided if you can.  1:1 NAT is also best avoided unless you really do need to totally open up the host.

    Edit:  Glad to hear you got it working.  I would still remove NAT Reflection and add a domain override to point to LAN.



  • Im glad too :) I will take a look into the split dns also. It may be a bit more work since I dont use dns for all of my services but I can of course add host overrides to each one.


Log in to reply