Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    1:1 nat is not working

    Off-Topic & Non-Support Discussion
    3
    6
    75
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      miguelmirandag last edited by

      Hi to all, i am trying to configure a 1:1 nat, it is not working. This is what i have done:

      • Configured a virtual ip of type ip alias, bounded to localhost.

      1ce2c807-9c9e-4e07-b48a-251e83ede86c-image.png

      • Configure 1:1 NAT using the virtual ip on wan and local ip in lan interface.

      4c000c62-44df-4775-b8f8-3f3c69fa2668-image.png

      • Configured a rule to allow http traffic:

      0045f6c5-fa98-447e-9dc7-e16a8c8721f6-image.png

      I try to load my web page and it gives timeout error.

      What am i missing, is it necessary an outbound rule?

      1 Reply Last reply Reply Quote 0
      • KOM
        KOM last edited by

        The NAT forum would be a better place to post this.

        Are you testing from inside your network?

        https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html

        1 Reply Last reply Reply Quote 0
        • ptt
          ptt Rebel Alliance last edited by

          Interface: "WAN" (instead Localhost)

          https://docs.netgate.com/pfsense/en/latest/nat/1-1-nat.html

          1 Reply Last reply Reply Quote 0
          • KOM
            KOM last edited by

            Good catch. That's probably exactly it.

            Btw, you don't need a 1:1 NAT just for a web server. You can do it through a port forward.

            1 Reply Last reply Reply Quote 0
            • M
              miguelmirandag last edited by miguelmirandag

              I used localhost beacuse the local ip address of wan interface is private and i route a public segment via this private segment, thats what my provider sugested, somothing similar to loopback interfaces in routers.
              I am trying the connection from inside (lan) network.
              If i change the nat from 1:1 nat to por forware do i need to configure an outbound rule?

              1 Reply Last reply Reply Quote 0
              • KOM
                KOM last edited by KOM

                Then you have to either enable NAT reflection or configure your DNS to resolve your web server's FQDN to its LAN IP address, as per the document I linked to. Try it from the WAN side. Does it work then?

                No, you don't need to play with outbound rules for those NATs.

                I've never seen a NAT with localhost used. If you still can't get it working from either side, I would put it back to WAN as ptt suggested.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post