Cannot access FQDN behind firewall - after VPN setup



  • Cannot access my local web or email server when behind firewall.

    I originally had NAT reflection setup and it was working correctly. I then subscribed to HMA VPN service and configured openVPN client on the pfsense router.

    I enabled Manual Outbound NAT so I could control which LAN IP's use the VPN tunnel. Pic attached.
    I also added appropriate LAN and WAN firewall rules.

    I can ping myfqdn.com from windows client on the LAN and it resolves properly to my public IP.
    When accessing myfqdn.com from outside the LAN everything works properly also.
    I cannot see any activity in the firewall log when accessing myfqdn.com from inside LAN??

    any advice?

    thanks!



  • No advice (yet) but question: where is myfqdn.com locate?
    I guess answer is "on the LAN" but then I wonder why it resolves with your public IP  :o



  • myfqdn.com is located on the same LAN the windows client is on.

    Windows client IP: 192.168.1.19
    Web server myfqdn.com IP: 192.168.1.137
    Public IP: X.X.X.X

    Diagnostic / States

    192.168.1.19 -> 192.168.1.1 (X.X.X.X) -> 192.168.1.137 SYN_SENT:CLOSED
    192.168.1.137 <- 192.168.1.19        CLOSED:SYN_SENT

    I can't remember the ports from the above log entry; going my memory here can't access log at the moment.

    Looks like NAT outbound issue to me? Like the web server responds but it doesn't reach the win client?



  • You could probably avoid this whole mess by dropping NAT Reflection and using split DNS instead.  Then there is no outbound NAT issue or gateway issues.



  • @KOM:

    You could probably avoid this whole mess by dropping NAT Reflection and using split DNS instead.  Then there is no outbound NAT issue or gateway issues.

    thank you for the suggestion.
    I disabled all NAT reflection and added 3 host overrides to the DNS Resolver and all is well.

    MUCH simpler. If anyone else is struggling with NAT reflection, please use the DNS resolver.


Log in to reply