Problem with NAT port web server. Please help me!!!



  • Hello,
    I used pfsense 2.3.5. I setup pfsense on PC with 5 Lan card.
    I setup 3 WAN ppoe on pfsense.
    wan1: 100Mb with 1 public IP
    Wan2: 60Mb
    Wan3: 75Mb witch 1 public IP
    I loadbalance 3 wan.
    Internal network I have 2 subnet.
    1 subnet for LAN (172.16.0.0/16)
    1 subnet for wifi (172.15.0.0/16)
    I have 1 web server in LAN (IP web server: 172.16.254.3)
    I want to public web server by NAT port forarding. I NAT via Wan1.
    when I NAT web server, user outside access my website is ok.
    But, user inside not ok. when I access my website in internal network, My website redirect to WebGUI pfsense.
    I can not access to my website.
    Please help me.
    Thanks



  • Either enable a NAT Reflection mode or configure split DNS to resolve its domain to is LAN IP address.

    https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks



  • thanks so much for your reply.
    It is ok



  • Sorry, let me ask you the question the other day
    I used pfsense 2.3.5. I setup pfsense on PC with 5 Lan card.
    I setup 3 WAN ppoe on pfsense.
    wan1: 100Mb with 1 public IP
    Wan2: 60Mb
    Wan3: 75Mb witch 1 public IP
    I loadbalance 3 wan.
    Internal network I have 2 subnet.
    1 subnet for LAN (172.16.0.0/16)
    1 subnet for WIFI (172.15.0.0/16)
    I have 1 web server in LAN (IP web server: 172.16.254.3)
    I want to public web server by NAT port forarding. I NAT via Wan1.
    when I NAT web server, user outside access my website is ok.
    But, user inside not ok. when I access my website in internal network, My website redirect to WebGUI pfsense.
    I can not access to my website.

    Then I followed this direction:
    Either enable a NAT Reflection mode or configure split DNS to resolve its domain to is LAN IP address.

    https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

    I check that ok
    But today I found out that

    It's only ok when I access my website by WIFI interface.
    When I access my website by LAN interface not ok.

    WIFI interface: 172.15.0.0/16
    LAN interface: 172.16.0.0/16
    Local IP my website: 172.16.254.3

    Please help me.


  • Rebel Alliance Global Moderator

    1 subnet for LAN (172.16.0.0/16)
    1 subnet for WIFI (172.15.0.0/16)

    Why would you use such large masks??  Makes no sense to use such a large mask that includes 65K possible address.  Do you have that many hosts that might connect to those networks?



  • Thanks you.
    everything was ok when I switch to mode NAT + Proxy
    Originally I chose the mode Pure NAT

    Thank so much