Problem with WAN in LAN



  • Hi, I have a problem with my LAN (172.11.90.0/24). The problem is as follows:
    I have a server, 172.11.90.10, with a 1:1 NAT to a public WAN IP, e.g. 200.200.200.200. That server has cPanel installed, and in the rules I have all the ports exposed. From any external Internet network I can access it and everything works well. The problem is that when I want to connect internally (from the LAN), for example to ports 25, 465, 587, 110, 993, etc., it does not answer and I always get a timeout. If I do a telnet it does not answer anything, and if I do a traceroute it does not make any hops. I do not know why that happens; that is, from the Internet to the server everything works, but internally, in the same LAN, it does not work and there is no communication. Could you help me understand this, please?


  • LAYER 8 Global Moderator

    @oscar-omar-upt said in Problem with WAN in LAN:

    LAN (172.11.90.0/24),

    That is not rfc1918 space.. So your public 200 is easy to make out that you're trying to call it public.. But with that 172.11, did they just make it up - why? Would they not just make up something inside rfc1918 space if they are worried about giving their real rfc1918 IP for some crazy reason?

    If you're trying to access the public IP to get forwarded back in, then you need to make sure you set up NAT reflection... Which would be better to just access the local IP vs actually trying to do some NAT reflection BS..

    Do a host override so when you're local you resolve the FQDN to whatever the local IP is vs the public one.



  • Maybe I did not explain myself; the problem is this:

    I have a server with IP 10.0.0.3 and it has a NAT to the public IP 200.200.200.200. I do the NAT in pfSense and I add the ports that I want it to listen on. I created a domain pointing to the IP 200.200.200.200, called mail.mydomin.com.
    I have a server within the same network; that server has the IP 10.0.0.4, and from that server I need to send emails, but they do not go out, since this server does not recognize the IP 200.200.200.200. When I ping or telnet, it does not answer anything. If I do it from another network (for example, my laptop) it works perfectly.
    If I do the same tests locally, that is to say a ping or telnet to IP 10.0.0.3, it answers everything! The 10.0.0.0/24 network is my LAN and the IP 200.200.200.200 is a virtual IP of my public IP network segment.

    Thanks for the help.


  • LAYER 8 Global Moderator

    Again, use your local IP vs the public one on your WAN when you're local... So your email server is, say, smtp.domain.tld; on the public internet this resolves to 200.200.200.200, for example.

    So set up a host override locally so that smtp.domain.tld resolves to 10.0.0.4, the SMTP server's actual local IP.



  • I understand, and I have mitigated some problems like this by adding the IP 10.0.0.3 for the mail.domain.com domain in my hosts file. However, I have 10 VMs using the same service, and I have done the same on all 10 VMs. My question is: why does this happen? Why does pfSense have that behavior? If everything worked fine, I shouldn't have to do this; that is, there is a problem, because this is a temporary solution. If everything worked fine, I would not have to make any changes to my servers to add that data.

    Thanks @johnpoz
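
Added example, not part of the thread and not pfSense code: a small Python model of the path a client's connection takes, using the addresses from the second post (mail server 10.0.0.3, LAN client 10.0.0.4, 1:1 NAT from 200.200.200.200). It shows why only LAN clients hit the hairpin case that needs NAT reflection, and how a host override turns it into a direct LAN connection. The function names and the outside client address 198.51.100.7 are assumptions made for illustration.

```python
import ipaddress

# The three RFC 1918 private blocks (172.11.x.x is outside 172.16.0.0/12).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def classify(client, lan_cidr, resolved, nat_1to1):
    """Return the path a connection from `client` to `resolved` takes.

    nat_1to1 maps an external address to the internal host behind it,
    mirroring the firewall's 1:1 NAT table (constructed sample data).
    """
    lan = ipaddress.ip_network(lan_cidr)
    if ipaddress.ip_address(client) not in lan:
        return "external"   # arrives on WAN, ordinary inbound NAT applies
    if ipaddress.ip_address(resolved) in lan:
        return "direct"     # same subnet, the firewall is not involved
    internal = nat_1to1.get(resolved)
    if internal and ipaddress.ip_address(internal) in lan:
        return "hairpin"    # LAN -> public IP -> same LAN: needs NAT reflection
    return "routed"         # some unrelated outside destination

def compare_views(clients, lan_cidr, public_ip, override_ip, nat_1to1):
    """For each client, the path without and with a host override."""
    result = {}
    for c in clients:
        on_lan = ipaddress.ip_address(c) in ipaddress.ip_network(lan_cidr)
        # Only clients using the local resolver see the overridden answer.
        after_ip = override_ip if on_lan else public_ip
        result[c] = (classify(c, lan_cidr, public_ip, nat_1to1),
                     classify(c, lan_cidr, after_ip, nat_1to1))
    return result

# Constructed sample data based on the addresses quoted in the thread.
LAN = "10.0.0.0/24"
NAT = {"200.200.200.200": "10.0.0.3"}
CLIENTS = ["10.0.0.4", "198.51.100.7"]

if __name__ == "__main__":
    for client, (before, after) in compare_views(
            CLIENTS, LAN, "200.200.200.200", "10.0.0.3", NAT).items():
        print(f"{client}: without override={before}, with override={after}")
    print("172.11.90.10 is RFC 1918:", is_rfc1918("172.11.90.10"))
```

A host override on the firewall's DNS resolver changes the answer for every LAN client at once, which avoids editing the hosts file on each VM.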

