Access to DMZ from LAN through external interface (WAN)

  • OK, not sure exactly where this fits in or even if it's a pfSense question but here goes…

    I have a pfSense firewall with 3 interfaces: WAN, LAN and DMZ.

    The DMZ contains my Apache httpd server farm, the LAN, my tomcats and database servers...  The application running on the TCs needs to access a dtd that is located on the Apache farm in the form of a call to ""

    The dtd file is readily accessible from anywhere on the net, EXCEPT, any of the servers on the LAN.... The domain resolves to the correct external IP, but I always get a 404 as a response... There are no traces of the request for the file on the http servers, nothing in access_log or error_log.

    Any clue  ???

    Thanks in advance..


  • Are you using NAT, and if so, have you got NAT reflection turned on?

    Sounds like your tomcats are resolving to the external IP address and trying to connect on external_ip:80, which probably won't work without NAT reflection.

  • Thanks for the quick reply Bern,

    Yes indeed, my TCs are trying to access external_ip:80… that's exactly what my problem is. I'll have a look at NAT reflection.


