Port forwarding and loopback

  • Hello.

    I'm very newbie with pfSense - only 3 days until now :) and sorry for poor english.

    My setup is like this:

    I had configured and working:
    #1 Access to internet from LAN
    #2 Load balancing/failover witch sticky connections.

    And now the problems:
    #1 Cannot access my web server from outside
    #2 How to redirect request from LAN to my web servers (loopback) - don't want any DNS forwarder - all traffic should go through pfSense

    for #1 I followed this tutorial:

    but for some reason it didn't work. For now only port 80 has to be configured, if this will work, then I configure the rest accordingly.
    pfSense access from LAN work on port 8888.

  • LAYER 8 Global Moderator

    Well until you get #1 working, Nat reflection is not going to work either.

    For #2 you would setup nat reflection.

    How exactly do you have pfsense setup using 4 wan connections that have been natted already.. I personally would use 4 different transit networks to talk to your isp routers.  Better yet would be putting public IPs right on pfsense vs double nat.

    In your configuration your loosing ability to use your public IPs on the same port, unless you plan on using VIPs on that common transit?  If you can not use public IPs on pfsense wan, then use different transit networks for each wan connection.

    Keep in mind your nat reflection in your setup with your ISP doing nat to public will have to happen at your ISP device.. Nat reflection in a double nat is going to be PITA.. Why do you want to use nat reflection when your servers are on the same network as your lan?  Why not just resolve their names to their local IPs from your devices that are on the same network?  Sure hope you don't think using nat reflection is some sort of extra security??

  • Ok, I had configured totally wrong setup. :(

    I can configure each ISP router to use different lan address& network& DMZ - but cannot get public IP  - all had to use DMZ, no possibility to setup bridge mode :(

    I need load balancing for LAN computers, and that my servers can be accessible from all of my 4 public IP.

    All internal IP configuration can be changed. All my internal servers can be reconfigured (Debian). My pfSense box has 5 ethernet card, so there are many possibilities :)

    I don't need any additional security for now.

    Howto do You suggest then? for testing, simplest solution will be best.

Log in to reply