NAT Problem!



  • Dear all,
    I have problem:

    • Client(10.0.0.5) cannot call to IP WAN + port 80 of Client(10.0.0.10) but Client(10.0.0.5) can ping to Client(10.0.0.10).

    How do I do for resolve problem  :'(?

    Thanks!



  • Check your firewall rules first for WAN port on Pfsense.
    Second, on the Interfaces ==>> WAN settings page
    unselect
    "Block private networks and loopback addresses"
    and
    "Block bogon networks"



  • Hi kobzar,

    • From outside can connect to port 80 of client (10.0.0.10 ) => Rule on WAN interface is correct.
    • On Wan Setting page, I unselected two option "Block private networks and loopback addresses" and "Block bogon networks", but I have recived the same problem.

    Thanks.


  • LAYER 8 Global Moderator

    your drawing shows a duplicate IP client 2 is 10.0.0.10 and then your trying to port forward that same address port 80 to something behind it.. that you hide???  WTF for?



  • Hi johnpoz,
    Client 10.0.0.10 forward port 80 over Public IP of WAN Pfsense and then Client 10.0.0.5 call to WANIP port 80 but not success!

    Thanks.


  • LAYER 8 Global Moderator

    what???  Makes ZERO sense..  Clients don't forward ports…

    You have clients inside your transit network to the internet.. According to your drawing the wan IP of pfsense in this 10.0.0/? transit is 10.0.0.10, and then you also have a client with that same 10.0.0.10 address..

    Post up your port forwards from pfsense.. And what is the IP of your device trying to access your forward..  Where is pfsense forward port 80 too??  What IP??  Something behind it??



  • Hi,
    I tried explaint the topology on attach file.

    Thanks.



  • LAYER 8 Global Moderator

    That drawing is horrific!!!

    So your clients are behind pfsense on a 10.0.0/24 network??

    So pfsense wan is 125.x.x.x.. So you have a client trying to hit your webserver via your public IP..  For that to work you have to have setup NAT reflection.  But if your client on 10.0.0.5 wants to talk to client 10.0.0.10 why you not just resolve abc.com to 10.0.0.10 on pfsense via a host override!!


Log in to reply