LAN cannot access WAN public IP

  • Hi All,

    I can ping my WAN public IP from both WLAN and LAN, but I cannot access it using a browser. But outside LAN and WLAN, I can access my public IP.

  • Did you configure outbound NAT?
    Firewall -> NAT -> Outbound -> Check "Automatic outbound NAT rule generation (IPsec passthrough included)"

  • Configuration is manual outbound NAT (AON). I could use it before, but since I restored the configuration I cannot access my WAN IP.

    I tried all NAT settings. Can you help me by enumerating your settings?

  • I set it to automatic and still no luck at all. And no gateways to my LAN and WLAN.

  • I know this problem was brought up by others before. When I had a problem with my pfSense box, I messed up and restored the old backup config file. After restoration my pfSense went back to normal, but this issue still cannot be resolved. I have already done everything. Please see attached image files.

  • LAYER 8 Global Moderator

    You can access your WAN public IP from outside?

    Please post your firewall rules.. Wan, lan and your wlan - you say you can ping your wan IP.. But you can not access the web gui?  Is that what you mean by access?

  • I can access my WAN outside. Yes, I can ping my WAN IP inside but I cannot access its web GUI.

  • LAYER 8 Global Moderator

    So please post your rules for your wan and your lan side interfaces.

  • Please see attached image file. I even tried to set the rules to "any" "any" as shown in image but still no luck.

  • Kindly check the diagnostic status states that are shown in the image.

  • LAYER 8 Global Moderator

    You have an ANY ANY rule on the top of your WAN rules - so NO shit you can access your web GUI from the internet ;)

    And then you have an any any rule on the top of your LAN right underneath the antilockout… So all of those rules below are completely utterly pointless!!

    What rules do you have in floating?  And what is your outbound nat?

  • Thank you for your response. This issue is now solved. Important rule in not port forwarding. We should enable the NAT reflection. It's my fault because I focused on outbound NAT.

  • LAYER 8 Global Moderator

    "We should enable the NAT reflection"

    No not really… It's an abomination if you ask me!  There is like zero reason other than bad design or laziness that NAT reflection should be needed.. You have a server on the local network serving up some service..  Why in the world should you not just resolve whatever FQDN you want to use to the local IP, so you do not have to be reflected back..

    Now if whatever you're using is hard coded to this public IP - then ok, but that is just bad design...

    You want to use something.publicdomain.tld that resolves to public IP (your wan) then just create a host override so something.publicdomain.tld resolves to the rfc1918 address and never has to be reflected back in..
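
Added example, not part of the thread: a Python check for the host-override approach described in the post above. It reads Unbound-style `local-data` lines and reports which published hostnames a LAN client would reach directly and which would still be sent to the public address. The override lines, hostnames, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: Unbound-style host override lines (made-up names and addresses).
SAMPLE_OVERRIDES = '''
local-data: "something.publicdomain.tld. A 192.168.1.10"
local-data: "mail.publicdomain.tld. 3600 IN A 203.0.113.7"
local-data: "something.publicdomain.tld. AAAA 2001:db8::10"
'''

# Matches only A records; an optional TTL and class may precede the type.
LOCAL_DATA = re.compile(
    r'^\s*local-data:\s*"(\S+?)\.?\s+(?:\d+\s+)?(?:IN\s+)?A\s+(\S+)"\s*$', re.I)


def parse_overrides(text):
    """Return {hostname: IPv4Address} for every local-data A record."""
    overrides = {}
    for line in text.splitlines():
        m = LOCAL_DATA.match(line)
        if m:
            overrides[m.group(1).lower()] = ipaddress.IPv4Address(m.group(2))
    return overrides


def audit(published_names, overrides, lan_nets):
    """Classify each published hostname as a LAN client would resolve it."""
    nets = [ipaddress.ip_network(n) for n in lan_nets]
    report = {}
    for name in published_names:
        ip = overrides.get(name.lower())
        if ip is None:
            # No override: the name resolves to the public IP from inside.
            report[name] = "missing-override"
        elif any(ip in net for net in nets):
            # Resolves to the server's local address; no reflection involved.
            report[name] = "direct"
        else:
            # An override exists but still points outside the LAN.
            report[name] = "override-not-local"
    return report


if __name__ == "__main__":
    names = ["something.publicdomain.tld", "mail.publicdomain.tld",
             "cam.publicdomain.tld"]
    result = audit(names, parse_overrides(SAMPLE_OVERRIDES), ["192.168.1.0/24"])
    for name, status in result.items():
        print(f"{name}: {status}")
```

Any name not reported as `direct` is one that only works from the LAN while NAT reflection is enabled.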

  • Hi there,

    Here I am again, one of my remote sites with the same scenario. It can ping the WAN but it cannot access the web GUI.

    All are solved but this remote site still cannot access.