    Accessing NAT on LAN

      Powercat80

      I posted a comment in another thread but I didn't want to hijack Eddie55's thread, and my issue is a little different.

      I have successfully port forwarded my Home Automation IP and I can access it remotely.  However, I cannot access it while on the LAN.  I have applied the settings as described in section 1 of this article (NAT Reflection), but it does not fix the problem.  Can anyone offer other suggestions?  Happy to provide screenshots if helpful.  Please know I'm a newbie and not a networking guru, so go easy on me LOL.

      Why can't I access forwarded ports on my WAN IP from my LAN/OPTx networks
      https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

        KOM

        Split DNS is the best way to go and you should try to use that unless there is a specific reason you can't.

          Powercat80

          @KOM:

          Split DNS is the best way to go and you should try to use that unless there is a specific reason you can't.

          OK, but a newbie question.  I was not sure what Host and Domain name I was supposed to use?  Also, if I use Split DNS, do I disable the NAT Reflection?

            KOM

            I was not sure what Host and Domain name I was supposed to use?

            The same FQDN you're using to access it externally.  So if you use www.mywebsite.com externally, you would create a host override in your pfSense DNS Resolver that resolves www.mywebsite.com to its LAN IP address.

            Also, if I use Split DNS, do I disable the NAT Reflection?

            Yes.

            https://doc.pfsense.org/index.php/Unbound_DNS_Resolver

              Powercat80

              Sorry, but this may be the point of confusion.  I am not accessing a FQDN externally.  Rather I am accessing the Home Automation controller (HAI/Leviton to be exact) that is connected to my local pfSense router.  It is not identified in the system as a domain name.  Unless you are referring to the system name that is listed in the dashboard, which is currently pfSense.localdomain.

                KOM

                Well then, either get a free domain from someone and use that, or just use the WAN IP externally and LAN IP internally.  Neither NAT Reflection mode worked for you?

                  johnpoz LAYER 8 Global Moderator

                  So when you're outside your network you're using, say, 1.2.3.4, your public IP.

                  So yeah, as KOM says, get a domain or use a free domain.  So that host.somepublicdomain.tld resolves to your public IP 1.2.3.4 in this example.  Then create a host override so that host.somepublicdomain.tld resolves to your RFC 1918 address, let's call it 192.168.1.100, and when you're outside your network using public DNS, be it you're at some hotspot or on your phone using your data plan or some wifi at a Starbucks, that host.somepublicdomain.tld would resolve to your 1.2.3.4 address and be forwarded in.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11
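
A way to verify the split-DNS setup described in the posts above, as an added example that is not part of the original thread. It takes the `dig +short` answers for the same name from the internal resolver and from a public resolver; the sample answers are constructed from the thread's example addresses, and the function names are hypothetical.

```python
import ipaddress

# RFC 1918 private ranges; a LAN host override should point into one of these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_dig_short(output):
    """Extract IPv4 addresses from `dig +short` output, skipping CNAME lines."""
    addrs = []
    for line in output.splitlines():
        try:
            ip = ipaddress.ip_address(line.strip())
        except ValueError:
            continue  # CNAME target or blank line
        if ip.version == 4:
            addrs.append(ip)
    return addrs

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def check_split_dns(internal_output, external_output):
    """Return a list of problems; an empty list means split DNS behaves as intended."""
    internal = parse_dig_short(internal_output)
    external = parse_dig_short(external_output)
    problems = []
    if not internal:
        problems.append("internal: no A record (host override missing or wrong name)")
    if not external:
        problems.append("external: no A record (public DNS entry missing)")
    for ip in internal:
        if not is_rfc1918(ip):
            problems.append(f"internal: {ip} is not RFC 1918; LAN clients will hit the WAN IP")
    for ip in external:
        if is_rfc1918(ip):
            problems.append(f"external: {ip} is RFC 1918; private address published in public DNS")
    return problems

# Constructed sample answers for host.somepublicdomain.tld, using the thread's addresses.
INTERNAL_OK = "192.168.1.100\n"      # dig +short <name> @<pfSense LAN IP>
EXTERNAL_OK = "1.2.3.4\n"            # dig +short <name> @<public resolver>
INTERNAL_NO_OVERRIDE = "1.2.3.4\n"   # override missing: LAN client gets the public IP

if __name__ == "__main__":
    print(check_split_dns(INTERNAL_OK, EXTERNAL_OK))
    print(check_split_dns(INTERNAL_NO_OVERRIDE, EXTERNAL_OK))
```

The second case is the symptom in this thread: a LAN client that resolves the name to the WAN address depends on NAT reflection to reach the forwarded port.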

                    Powercat80

                    @johnpoz:

                    So when you're outside your network you're using, say, 1.2.3.4, your public IP.

                    So yeah, as KOM says, get a domain or use a free domain.  So that host.somepublicdomain.tld resolves to your public IP 1.2.3.4 in this example.  Then create a host override so that host.somepublicdomain.tld resolves to your RFC 1918 address, let's call it 192.168.1.100, and when you're outside your network using public DNS, be it you're at some hotspot or on your phone using your data plan or some wifi at a Starbucks, that host.somepublicdomain.tld would resolve to your 1.2.3.4 address and be forwarded in.

                    Thanks for the input guys.  Just to clarify the above.  You give an example of connecting while I'm away from my network, i.e. Starbucks.  But I already have visibility to my Home Automation controller through port forwarding when I'm not on my network.  What I can't do is access the same controller while I am logged into my own network.  Will the above fix that too?

                      KOM

                      Yes, by abstracting the actual IP address used to access the resource.

                        Powercat80

                        @KOM:

                        Yes, by abstracting the actual IP address used to access the resource.

                        Thanks KOM.  I will try that in the a.m.  And no, NAT Reflection either way did not work for me.
