Question about reflection

All,

I have the following pfSense setup. My WAN is 192.168.1.x and my LAN is 172.16.0.x.

I am using NAT to translate RDP requests. I have an internet-facing IP (not under my control) that is forwarded to my pfSense IP at Based on this port I then get forwarded to the correct 172.16.0.X address and go about my RDP business. This works correctly.

My problem is I have another machine on address that I would like to RDP to from my external IP address (recall this is forwarded directly to my pfSense). I add a NAT rule to map to this IP address, but of course it is not a LAN address, so it does not work. When I enable NAT reflection and attempt the connection from inside my network, the request to the external address gets kicked to my 192.168.1.X gateway, then on to my address, and then it works. However, when I connect from outside my network nothing happens (tcpdump just shows a connection between this external address and and then nothing else).

The reflection setting says: "Required for full functionality of the pure NAT mode of NAT Reflection for port forwards or NAT Reflection for 1:1 NAT. Note: This only works for assigned interfaces. Other interfaces require manually creating the outbound NAT rules that direct the reply packets back through the router." So I guess I need to create some sort of outbound NAT rule, but I'm not really sure what this rule should look like or whether this is exactly the right approach.

Any help greatly appreciated.
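As an added illustration (not from the poster or from pfSense's own documentation) of what the "outbound NAT rule that directs the reply packets back through the router" looks like in raw pf syntax, the fragment below shows the usual hairpin pattern: a port forward (`rdr`) that sends RDP to a host sitting on the WAN-side subnet, paired with a source NAT (`nat`) on the same interface so that the target's reply goes back to the firewall instead of directly to the original client. Interface names, the firewall's WAN address and the target address are all assumed placeholders; the poster's real addresses are not on the page.

```pf
# Illustrative pf.conf fragment for hairpin (reflected) RDP forwarding.
# All names and addresses below are assumptions, not the poster's values.
ext_if = "em0"            # WAN interface, 192.168.1.0/24 side
int_if = "em1"            # LAN interface, 172.16.0.0/24 side
wan_ip = "192.168.1.2"    # assumed pfSense WAN address (upstream router forwards here)
rdp_host = "192.168.1.50" # assumed RDP target on the WAN-side subnet, NOT on LAN

# 1) Port forward: anything arriving on WAN for the firewall's own address on
#    3389 is redirected to the RDP host.
rdr on $ext_if proto tcp from any to $wan_ip port 3389 -> $rdp_host port 3389

# 2) Outbound NAT on the SAME interface: after the redirect, the packet leaves
#    through WAN again. Rewriting its source to the firewall's WAN address makes
#    the RDP host answer the firewall, which then un-NATs the reply. Without this
#    the host replies straight to the client (or its default gateway) and the
#    state on the firewall never completes, which matches "connection and then
#    nothing else" in a packet capture.
nat on $ext_if proto tcp from any to $rdp_host port 3389 -> $wan_ip

# 3) Filter rule allowing the redirected traffic in on WAN. Keep it narrow:
#    only the forwarded port, only to the intended host.
pass in quick on $ext_if proto tcp from any to $rdp_host port 3389 keep state
```

The trade-off of rule 2 is that the RDP host sees every connection as coming from the firewall's WAN address, so its own logs lose the real client IP; if that matters, restrict the `nat` rule's `from` clause to the sources that genuinely need reflection rather than `any`. In the pfSense GUI the equivalent is a manual outbound NAT entry on the WAN interface with the RDP host as destination, with the port forward unchanged.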