Netgate Discussion Forum

    Public VIPs and access to them from LAN

      motzel

      Hello,

      I have a pfSense installation with two NICs: WAN (public IP from my ISP: 193.xxx.xxx.xxx) and LAN (10.0.0.0/24).
      My ISP also gave me a few other IPs: 81.xxx.xxx.0/26.

      The LAN can access the outside world without any problem (seen by the world as 193.xxx.xxx.xxx).

      But now I am trying to set up one of my LAN computers as a public web server using one of the 81.xxx.xxx.0/26 IPs.

      So first I've created the VIP 81.xxx.xxx.3, then a 1:1 NAT, as below:

      Interface  External IP       Internal IP
      WAN        81.xxx.xxx.3/32   10.0.0.3/32

      And finally firewall rule:

      Proto  Source  Port  Destination  Port  Gateway
      *      *       *     10.0.0.3     *     *

      When I test it from another ISP's network everything works as expected. BUT it does not work when I try the same thing from the LAN. I cannot access the web server or even ping it!

      I've read other posts from this forum, so I've tried to uncheck "Disable NAT Reflection", but it doesn't change anything.

      What should I do to make it work?

      Best regards,

      motzel

        motzel

        Ok. Problem solved (in part at least).

        I've disabled NAT reflection, created some DNS forwarder and Port Forward entries, and it works as expected. Well, the only drawback is not being able to ping the server from the LAN, but it should be enough.

        BTW. I've encountered a strange thing (bug) in Firewall Aliases. Like all of us, I'm lazy, so I tried to create an alias for all the ports my server should provide and then create just one Port Forward entry using the alias created earlier. But it didn't work; I couldn't connect to the server. So I removed the alias and created 5 separate entries in Port Forward (one for each port) and it works! Is this a bug or just my misunderstanding of the purpose of port aliases?

        BTW2. I've encountered another problem with strange HTTPS lags, which I am describing here: http://forum.pfsense.org/index.php/topic,12343.0.html

        Best Regards,

        motzel

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.