Public VIPs and access to them from LAN



  • Hello,

    I have a pfSense installation with two NICs: WAN (public IP from my ISP: 193.xxx.xxx.xxx) and LAN (10.0.0.0/24).
    My ISP also gave me a few other IPs: 81.xxx.xxx.0/26.

    LAN can access the outside world without any problem (seen by the world as 193.xxx.xxx.xxx).

    But now I am trying to set up one of my LAN computers as a public web server using one of the 81.xxx.xxx.0/26 IPs.

    So first I've created VIP 81.xxx.xxx.3, then NAT 1:1, as below:

    Interface  External IP      Internal IP
    WAN        81.xxx.xxx.3/32  10.0.0.3/32

    And finally firewall rule:

    Proto  Source  Port  Destination  Port  Gateway
    *      *       *     10.0.0.3     *     *

    When I test it from another ISP's network everything works as expected. BUT it does not work when I try the same thing from LAN. I cannot access the web server or even ping it!

    I've read other posts from this forum, so I've tried to uncheck "Disable NAT Reflection", but it doesn't change anything.

    What should I do to make it work?

    Best regards,

    motzel



  • Ok. Problem solved (in part at least).

    I've disabled NAT reflection, created some DNS forwarder and Port forward entries and it works as expected. Well, the only drawback is not being able to ping the server from LAN, but it should be enough.

    BTW. I've encountered a strange thing (bug) in Firewall Aliases. Like all of us I'm lazy, so I tried to create an alias for all the ports my server should provide and then create just one Port Forward entry using the alias created earlier. But it didn't work, I couldn't connect to the server. So I've removed the alias and created 5 separate entries in Port Forward (one for each port) and it works! Is this a bug or just my misunderstanding of what the purpose of port aliases is?

    BTW2. I've encountered another problem with strange HTTPS lags which I am describing here: http://forum.pfsense.org/index.php/topic,12343.0.html

    Best Regards,

    motzel

