1 to 1 configuration issue
Hello everybody, first of all here is what I am trying to achieve:
I have a pfSense firewall (a CARP-based cluster to be more precise) with a public IP configured on WAN interface, and communications / NAT to LAN work without problems. Now I configured a second public IP on the same WAN interface, and I want to map it 1:1 on a server that is on the LAN behind pfSense firewall.
I followed the documentation and configured a 1:1 NAT, and now the server on the LAN is correctly reachable from the internet, but I have two issues:
- Connections (e.g. on apache web server, or SSH) from the internet are always seen as coming from the pfSense firewall LAN IP in the logs, I do not see public IPs in the log files.
- If from the server itself I try to access the public IP NATted on the server, the pfSense web interface appears, and the same happens with SSH. I add an example:
LAN IP: root@serverLAN: ssh firstname.lastname@example.org -> I correctly connect to the LAN server
WAN IP mapped 1-1: root@serverLAN: ssh email@example.com.XXX.XXX -> I connect to pfSense and not to the LAN server
As far as I understood I need to enable NAT reflection, so I followed this documentation: https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html but I did not manage to solve the problem. What am I doing wrong? Is it possible to achieve what I am trying to do?