1. Home
  2. pfSense® Software
  3. NAT
  4. [RESOLVED] Problem with NAT with Multi LANs

[RESOLVED] Problem with NAT with Multi LANs

  • A

    Hi all,

    I'm a bit of a noob, that's quite a bit overwhelmed. Everything can access the Internet again. Hurricane Irma damaged my equipment, but that's been restored. My Hardware config is a multihomed box…

    eth0 = WAN (DHCP from ISP)
    eth1 = LAN (Class B IPs)
    eth2 = Guest LAN (Class C IPs)
    eth3 = External WiFi AP (Class B IPs through Bridge)
    wlan0 = Internal WiFi AP (Class B IPs through Bridge)
    wlan1 = USB WiFi AP (Backup incase I lose configs again) (Class B IPs through Bridge)

    Bridge0 = eth1, eth3, wlan0, wlan1
    Bridge0 DNS is the Gateway IP for LAN
    DDNS bound to eth0

    I have Multiple Servers on LAN that I NAT too (i.e. Plex)

    Now my issue.... if it hasn't already been guessed... eth2 can't access my plex... it can access the internet but can't access my NAT stuff... I want it to be separate from my LAN, and have the same access as the outside... I have NO idea where to do this... and I've tried so much, i can't remember what.... any help would be appreciated.

    0
  • V

    I presume you want to access the servers by their public host names.

    Now, have you added DNS overrides for it or activate NAT reflection?
    Do the Guest LAN rules allow access to the LAN servers?

    0
  • A

    Yes, by the public host names

    Guest Network has no DNS overrides (if it is what I think it is) and uses the google public dns servers only.

    Guest Network is not configured in NAT in anyway….

    And the only rule guest Network has is all open to the internet w/ WAN as the gateway

    I'm not sure if I answered the questions, as like I said in my post I am an overwhelmed noob

    **** UPDATE ****
    NAT Reflection is enabled and I do have DNS Overrides on LAN only ( I looked it up)... the overrides I need the stay LAN only as a number of hosts on it can not be viewed from the outside or guest Network

    0
  • V

    If you don't want or cannot use DNS overrides activate NAT reflection as mentioned.
    You can do that per NAT rule (option "NAT reflection" at the bottom) or globally in System >  Advanced >  Firewall & NAT. "Pure NAT" should work for you.

    Of course you need also a firewall rule to allow the access from the guest network except you've set a filter rule association in the NAT rule.

    0
  • A

    Pure NAT is set up… but what would the firewall rule look like? I think that's the piece I am missing

    0
  • A

    That was it…. I created an alias called Port_Hole with the external FQDNs in it.... Then I created the following GUEST_NETWORK rule

    Source: GUEST_NETWORK net
    Destination: Port_Hole

    and it works... My Plex connects

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy