Problem with access to nat 1:1 server from internal LAN



  • I have pfsense version 2.3.3-RELEASE-p1 (amd64)
    built on Thu Mar 09 07:17:41 CST 2017
    FreeBSD 10.3-RELEASE-p17 as virtual machine
    (VMware ESXi 5.5.0) with 2 physical NICs (LAN and WAN).

    I have a problem with access to the owncloud server (internal LAN virtual machine) by external IP (35.190.75.132) or DNS name
    (cloud.mydomain.com) from the internal LAN at my work. I can access it only by the internal address 192.168.1.26.

    From outside everything works correctly.
    I can ping and access to owncloud server over https and ssh to 35.190.75.132 and cloud.mydomain.com without any problems.

    I have some additional ip addresses for example:
    35.190.75.131,35.190.75.132,35.190.75.133, etc.

    192.168.1.1 is my LAN pfsense address (Interfaces -> LAN)
    35.190.75.131 is my primary WAN address (Interfaces -> WAN)
    35.190.75.132 is my external owncloud address (Address added in Firewall -> Virtual IPs)

    Type: IP Alias
    Interface: WAN
    Address type: Single address
    Address(es):35.190.75.132

    In Firewall -> NAT -> 1:1 menu I have entry:

    Disabled: not checked
    No BINAT (NOT): not checked
    Interface: WAN
    External subnet IP: 35.190.75.132
    Internal IP: Single host: 192.168.1.26
    Destination: Any
    Nat reflection: Use system default

    In Firewall -> Rules menu -> I have rule:

    Action: Pass
    Disabled: not checked
    Interface: WAN
    Address family: IPv4
    Protocol: Any
    Source: Any
    Destination: Single host or alias: 192.168.1.26

    In System -> Advanced -> Firewall & NAT menu I have:

    NAT Reflection mode for port forwards: Pure NAT
    Enable NAT Reflection for 1:1 NAT: checked
    Enable automatic outbound NAT for Reflection: checked

    I tried with the option Services -> DNS Forwarder

    Enable: checked
    DHCP Registration: not checked
    Static DHCP: not checked
    Prefer DHCP: not checked
    DNS Query Forwarding: not checked
    Interfaces: LAN
    Strict binding: checked

    Host overrides -> Add:

    Host: cloud
    Domain: mydomain.com
    IP Address: 192.168.1.26 or 35.190.75.132

    Then I set in my Windows 10 test workstation:
    Preferred DNS server: 192.168.1.1 (Internal pfsense address).
    But it still does not work.

    I have Active Directory server with DNS on 192.168.1.20 address.
    All computers have this address as primary DNS server.
    I can not set their DNS address as 192.168.1.1.

    I read this article but it did not help me:

    https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

    Please help me! Thx :)



  • @kazzuja:

    I have Active Directory server with DNS on 192.168.1.20 address.
    All computers have this address as primary DNS server.
    I can not set their DNS address as 192.168.1.1.

    So add the external hostname of the owncloud server to this DNS with its internal IP and verify if your computers resolve it correctly (after flushing DNS cache!).
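
The split-DNS override suggested in the reply above, as an added example that is not part of the original thread. It assumes the DNS role on 192.168.1.20 is AD-integrated and that the script runs in an elevated session on that server with the DnsServer module; the addresses and hostname are the ones given in the thread.

```powershell
# Added example: internal override for cloud.mydomain.com on the AD DNS server.
$HostName   = 'cloud'
$ParentZone = 'mydomain.com'
$Fqdn       = "$HostName.$ParentZone"
$InternalIp = '192.168.1.26'   # owncloud VM on the LAN
$DnsServer  = '192.168.1.20'   # AD DNS server used by the workstations

Import-Module DnsServer

if (Get-DnsServerZone -Name $ParentZone -ErrorAction SilentlyContinue) {
    # The server already hosts mydomain.com: the record goes into that zone.
    $zone = $ParentZone; $name = $HostName
} else {
    # Otherwise create a zone for this single name only. Creating a full
    # mydomain.com zone here would hide every other public record of the
    # domain (www, mail, ...) from internal clients.
    if (-not (Get-DnsServerZone -Name $Fqdn -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $Fqdn -ReplicationScope 'Domain'
    }
    $zone = $Fqdn; $name = '@'   # '@' is the zone apex
}

# Add the A record unless one with the internal address already exists.
$existing = Get-DnsServerResourceRecord -ZoneName $zone -Name $name -RRType A `
                -Node -ErrorAction SilentlyContinue
if ($existing.RecordData.IPv4Address.IPAddressToString -notcontains $InternalIp) {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name $name -IPv4Address $InternalIp
}

# Drop cached answers that still point at the external address, then verify
# what the AD DNS server actually returns for the name.
Clear-DnsServerCache -Force
Clear-DnsClientCache
$ips = @(Resolve-DnsName -Name $Fqdn -Type A -Server $DnsServer -DnsOnly |
         Where-Object { $_.Type -eq 'A' } |
         Select-Object -ExpandProperty IPAddress)

if ($ips.Count -eq 1 -and $ips[0] -eq $InternalIp) {
    "OK: $Fqdn resolves to $InternalIp via $DnsServer"
} else {
    Write-Warning "$Fqdn resolves to '$($ips -join ', ')' via $DnsServer, expected $InternalIp"
}
```

On each workstation, run `Clear-DnsClientCache` (or `ipconfig /flushdns`) before testing, since a cached answer with the external address can outlive the change on the server.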



  • Kazzuja, did you manage to resolve your issue?
    Especially the part where you can ping the external IP…

