Accessing my own backup service
-
Hi,
I'm trying to access my own backup service from LAN with the IP:port of the WAN side. The port seems to be closed from inside my LAN, but not from outside. I'm doing this because I want to configure the backup client with external IP and port, so the backup works when I'm using my laptop outside my LAN.
Do I have to add any rule in pfSense to get this working?
Setup
(numbers are changed)- External IP:
98.128.171.45 - Port exposed by router on WAN side:
12345. Including NAT rule. - The backup service running on LAN with IP
192.168.5.123:12345 - The backup client on laptop is configured to use
98.128.171.45:12345(External IP) when connecting to the backup service.
What is happening?
- The port
12345is accessible from internet. Tested from ShieldsUP - The backup client fails to connect to the backup service when the laptop is on LAN.
- The backup client can connect and backup when the laptop is using VPN.
- I can see the traffic (in pfSense webUI) from my laptop on LAN being passed to the external IP
98.128.171.45:12345by this rule:
- For some reason the ports 22, 80, 443 (maybe more) are reported as open from pfSense Command Prompt, but on ShieldsUP they are stelth:
$ nc -z -v -w4 98.128.171.45 12345 connect to 98.128.171.45 port 12345 (tcp) failed: Operation timed out $ nc -z -v -w4 98.128.171.45 80 Connection to 98.128.171.45 80 port [tcp/http] succeeded!- A similar setup is working on another site, but with an Unifi-router and another ISP. Only with port forwarding rules on the router.
Thank you! Tomas
- External IP:
-
The correct way to do this is using a hostname and split DNS so it resolves to the internal IP when you're on LAN but you can also just enable NAT reflection.
https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html
Steve
-
Thank you!
Solved it by enabling NAT reflection on the port forward rule.
/Tomas