Netgate Discussion Forum

    Port forwarding and loopback

    NAT
      mkoniarz

      Hello.

      I'm a complete newbie with pfSense - only 3 days so far :) and sorry for my poor English.

      My setup is like this:

      I have configured and working:
      #1 Access to internet from LAN
      #2 Load balancing/failover with sticky connections.

      And now the problems:
      #1 Cannot access my web server from outside
      #2 How to redirect requests from LAN to my web servers (loopback) - I don't want any DNS forwarder - all traffic should go through pfSense

      for #1 I followed this tutorial:
      Link

      but for some reason it didn't work. For now only port 80 has to be configured; if this works, then I will configure the rest accordingly.
      pfSense access from LAN works on port 8888.

        johnpoz LAYER 8 Global Moderator

        Well, until you get #1 working, NAT reflection is not going to work either.

        For #2 you would set up NAT reflection.

        How exactly do you have pfSense set up using 4 WAN connections that have been NATed already? I personally would use 4 different transit networks to talk to your ISP routers. Better yet would be putting public IPs right on pfSense vs double NAT.

        In your configuration you're losing the ability to use your public IPs on the same port, unless you plan on using VIPs on that common transit? If you cannot use public IPs on the pfSense WAN, then use different transit networks for each WAN connection.

        Keep in mind your NAT reflection in your setup with your ISP doing NAT to public will have to happen at your ISP device. NAT reflection in a double NAT is going to be a PITA. Why do you want to use NAT reflection when your servers are on the same network as your LAN? Why not just resolve their names to their local IPs from your devices that are on the same network? Sure hope you don't think using NAT reflection is some sort of extra security??

          mkoniarz

          OK, I had configured a totally wrong setup. :(

          I can configure each ISP router to use a different LAN address & network & DMZ - but cannot get a public IP - all have to use DMZ, no possibility to set up bridge mode :(

          I need load balancing for LAN computers, and for my servers to be accessible from all 4 of my public IPs.

          All internal IP configuration can be changed. All my internal servers can be reconfigured (Debian). My pfSense box has 5 Ethernet cards, so there are many possibilities :)

          I don't need any additional security for now.

          What do you suggest then? For testing, the simplest solution will be best.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.