NAT Reflection Issue



  • Hi

    We have a webserver with more than 500 websites, and some web applications such as WordPress need to be able to access their own URL, so we need to have NAT reflection in place.
    Ports 80,443 have been forwarded to the internal webserver server using NAT > Port Forward and I have already enabled NAT Reflection from Firewall > System > Advanced > Firewall & NAT:
    NAT Reflection mode for port forwards => Pure NAT
    Enable NAT Reflection for 1:1 NAT
    Enable automatic outbound NAT for Reflection

    I still cannot access the websites from inside the server (Windows Server).
    I have read the documents and searched the forum, but I couldn't find the answer.

    Any advice or suggestions will be appreciated.



  • I guess you have to do some filtering/aliases to associate every domain's access through a specific NAT port range over w.k.p. if your web server doesn't do it by itself, but this approach isn't a good practice (I think) because you need to set a proper custom port configuration on the server side for every single http/https WordPress-like instance/domain to get NAT to work correctly. But I'm not an IT professional, only guessing, because NAT basically needs a specific ip:port to bind for incoming connections.



  • This is not possible because we have websites created/removed every day and there has to be another way to approach this.
    In our other firewall (Sophos UTM) there is a NAT method called "Full NAT" that can handle this kind of request.



  • Switch the NAT reflection mode to "NAT + proxy". You may specify this also in the appropriate Port-forwarding rule to set it only for this one NAT rule.

    Consider that the proxy mode overrides filter rules.



  • @viragomann said in NAT Reflection Issue:

    Switch the NAT reflection mode to "NAT + proxy". You may specify this also in the appropriate Port-forwarding rule to set it only for this one NAT rule.

    Consider that the proxy mode overrides filter rules.

    Thank you viragomann, changing the NAT reflection to "NAT + Proxy" worked like a charm.


