Accessing NAT on LAN
-
I posted a comment in another thread but I didn't want to hijack Eddie55's thread, and my issue is a little different.
I have successfully port forwarded my Home Automation ip and I can access it remotely. However I cannot access it while on the LAN. I have applied the settings as described in section 1 of this article (NAT Reflection), but does not fix the problem. Can anyone offer other suggestions. Happy to provide screen shots if helpful. Please know I'm a newbie and not a networking guru, so go easy on me LOL.
Why can't I access forwarded ports on my WAN IP from my LAN/OPTx networks
https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks
-
Split DNS is the best way to go and you should try to use that unless there is a specific reason you can't.
-
@KOM:
Split DNS is the best way to go and you should try to use that unless there is a specific reason you can't.
OK, but a newbie question. I was not sure what Host and Domain name I was supposed to use? Also, if I use Split DNS, do I disable the NAT Reflection.
-
I was not sure what Host and Domain name I was supposed to use?
The same FQDN you're using to access it externally. So if you use www.mywebsite.com externally, you would create a host override in your pfSense DNS Resolver that resolves www.mywebsite.com to its LAN IP address.
Also, if I use Split DNS, do I disable the NAT Reflection.
Yes.
-
Sorry, but this may be the point of confusion. I am not accessing a FQDN externally. Rather I am accessing the Home Automation controller (HAI/Leviton to be exact) that is connected to my local pfSense router. It is not identified in the system as a domain name. Unless you are referring to the system name that is listed in the dashboard, which is currently pfSense.localdomain.
-
Well then, either get a free domain from someone and use that, or just use the WAN IP externally and LAN IP internally. Neither NAT Reflection mode worked for you?
-
so when your outside your network your using say 1.2.3.4, your public IP..
So yeah as KOM says get a domain or use a free domain. So that host.somepublidomain.tld resolves to your public IP 1.2.3.4 in this example. Then create a host override so that host.somepublicdomain.tld resolves to your rfc1918 address lets call it it 192.168.1.100, and when you outside your network using public dns be it your at some hotspot or on your phone using your data plan or some wifi at a starbucks that host.somepublicdomain.tld would resolve to your 1.2.3.4 address and be forwarded in.
-
so when your outside your network your using say 1.2.3.4, your public IP..
So yeah as KOM says get a domain or use a free domain. So that host.somepublidomain.tld resolves to your public IP 1.2.3.4 in this example. Then create a host override so that host.somepublicdomain.tld resolves to your rfc1918 address lets call it it 192.168.1.100, and when you outside your network using public dns be it your at some hotspot or on your phone using your data plan or some wifi at a starbucks that host.somepublicdomain.tld would resolve to your 1.2.3.4 address and be forwarded in.
Thanks for the input guys. Just to clarify the above. You give an example of connecting while I'm away from my network, i.e. Starbucks. But I already have visibility to my Home Automation controller through port forwarding when I'm not on my network. What I can't do is access the same controller while I am logged into my own network. Will the above fix that too?
-
Yes, by abstracting the actual IP address used to access the resource.
-
@KOM:
Yes, by abstracting the actual IP address used to access the resource.
Thanks KOM. I will try that in the a.m. And No NAT Reflection either way did not work for me.
