Accessing services from within LAN



  • I am new to pfSense, so please bear with me.

    We have set up a pfSense firewall with some NAT rules to allow incoming traffic to be forwarded to various hosts based on ports, i.e. traffic on WAN port 80 goes to 192.168.0.xxx, traffic on WAN port 22 goes to 192.168.0.yyy and so forth.

    This setup works fine if we try to access these services from outside our network. We can use ssh ourdomain.ca or http://ourdomain.ca and we see expected results.

    If we try to access them from within our network, for example by visiting http://ourdomain.ca, we get connection timeouts.

    We have not set up any LAN NAT rules. Can this be the cause?

    Any help appreciated.





  • This is what I was after. Thanks for pointing that thread out to me. I am a bit of a network setup newbie, so I didn't even know to search for "NAT reflection".

    Thanks again.

    Disable NAT Reflection = Disables the automatic creation of NAT redirect rules for access to your public IP addresses from within your internal networks. Note: Reflection only works on port forward type items and does not work for large ranges > 500 ports.



  • I was having this same problem and that fixed it for me as well.
    Now, I can connect to my WAN IP from within the LAN.

    Unfortunately, I'm getting a weird problem now where my SSH connection to my Linux box (within the LAN) is closed after about 30 seconds when I connect to the WAN IP instead of the LAN IP.

    Just to be clear, I have pfSense set up as my home router. No complex setup or anything, just a WAN and a LAN. I have a Linux box connected via Ethernet and a laptop connected via wireless through an AirPort Extreme router (in bridge mode). Everything seems to be working great except for this.

    I can SSH into my Linux box using its LAN IP and I stay connected just fine.
    If I SSH into my Linux box using the WAN IP, it closes the connection after about 30 seconds of inactivity.
    I have port forwarding and firewall rules set up to allow port 22 traffic into my Linux box.

    Any ideas?

