4. Nat Reflection not working

Nat Reflection not working

  • D

    Well, we have a website that runs an application through an iframe. Since we don't have a public static IP, we use dynamic DNS in order to update the IP. The user on the website clicks the link, it redirects to the xxx.ddns. We port forwarded that port (8084) from WAN to the local server (192.168.0.233 port 8084)
    The local server has a static IP (192.168.0.233/24), pointing the gateway to pfsense (192.168.0.89), and with Windows Server 2012 resolving the DNS (192.168.0.8).
    It works fine when we are accessing from outside. I know we have two options, and the classy one would be Split DNS (I've managed to make it work through split Dns), but for internal reasons we can't maintain that. So, NAT Reflection is what we've got left.
    I've tried everything and it just doesn't work!
    My Scenario:
    Modem - 192.168.25.1

    PfSense 2.3.3 (virtual inside Esxi 6.5) - 192.168.0.89 (lan) 192.168.25.43 (wan)
    Windows Server 2012 (192.168.0.8)
    I've enabled NAT Reflection mode for port forwards (Pure Nat), Enable NAT Reflection for 1:1 NAT (which I don't need, but just in case), Enable automatic outbound NAT for Reflection. The NAT Outbond is set to Automatic. I've tried the same with three different machines / ports, but none of them worked.
    I've no idea what's wrong.
    I remember I've used the reflection once when I was on Hyper-v and it worked flawessly. Any tips? Thank you so much
    ![Screen Shot 2017-03-09 at 15.54.48.png](/public/imported_attachments/1/Screen Shot 2017-03-09 at 15.54.48.png)
    ![Screen Shot 2017-03-09 at 15.54.48.png_thumb](/public/imported_attachments/1/Screen Shot 2017-03-09 at 15.54.48.png_thumb)
    ![Screen Shot 2017-03-09 at 15.55.05.png](/public/imported_attachments/1/Screen Shot 2017-03-09 at 15.55.05.png)
    ![Screen Shot 2017-03-09 at 15.55.05.png_thumb](/public/imported_attachments/1/Screen Shot 2017-03-09 at 15.55.05.png_thumb)

    0
  • N

    Doesn't work is not much to go on.  Maybe what happens vs. what is expected to happen would be a more useful starting point.

    Have a look at these.  See if they contain anything relevant to your issue.

    NAT Reflection and HSTS Documentation
    https://forum.pfsense.org/index.php?topic=118761.msg657405#msg657405

    NAT Reflection Troubles
    https://forum.pfsense.org/index.php?topic=98764.msg550173#msg550173

    [SOLVED] Re: NAT Reflection Troubles
    https://forum.pfsense.org/index.php?topic=98764.msg550431#msg550431

    And also the official on-line manual.

    0
  • D

    Expected: From lan, connect to dynamic dns address. That address should reflect back to a workstation.
    I've gone through the Nat Reflection Troubles and none of the solutions have worked for me.
    Nat reflection is ON for port forwards (pure nat)
    port forward is properly set.
    The port forward works (can connect from outside), the reflection doesn't (can't connect from inside)

    0
  • K

    or what you an do which is a hassle depends on how many computers is to put the dynamic DNS on each computer and point to the internal IP on the hosts what i dont understand why NAT reflection wont work in this case, As i have linux server on hyper V running nginx with wordpress and WPAD implemented and works perfect internally and externally

    or create an A record for your website and point to the internal in your windows server

    0
  • K

    I think that you have the same problem that me.

    https://forum.pfsense.org/index.php?topic=127882.0

    Can you find a solution?

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy