Accessing my own backup service

  • Hi,

    I'm trying to access my own backup service from LAN with the IP:port of the WAN side. The port seems to be closed from inside my LAN, but not from outside. I'm doing this because I want to configure the backup client with external IP and port, so the backup works when I'm using my laptop outside my LAN.

    Do I have to add any rule in pfSense to get this working?

    (numbers are changed)

    • External IP:
    • Port exposed by router on WAN side: 12345. Including NAT rule.
    • The backup service running on LAN with IP
    • The backup client on laptop is configured to use (External IP) when connecting to the backup service.

    What is happening?

    • The port 12345 is accessible from the internet. Tested from ShieldsUP.
    • The backup client fails to connect to the backup service when the laptop is on LAN.
    • The backup client can connect and back up when the laptop is using VPN.
    • I can see the traffic (in pfSense webUI) from my laptop on LAN being passed to the external IP by this rule: [screenshot]
    • For some reason the ports 22, 80, 443 (maybe more) are reported as open from pfSense Command Prompt, but on ShieldsUP they are stealth:
    $ nc -z -v -w4 12345
    connect to port 12345 (tcp) failed: Operation timed out
    $ nc -z -v -w4 80
    Connection to 80 port [tcp/http] succeeded!
    • A similar setup is working on another site, but with a UniFi router and another ISP. Only with port forwarding rules on the router.

    Thank you! Tomas

  • Netgate Administrator

    The correct way to do this is using a hostname and split DNS so it resolves to the internal IP when you're on LAN but you can also just enable NAT reflection.


  • Thank you!

    Solved it by enabling NAT reflection on the port forward rule. 😬
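
The two fixes named in the thread differ in which address a LAN client ends up connecting to: with split DNS it gets the internal IP and goes direct, with NAT reflection it still targets the WAN IP and the firewall has to turn the connection around. The following Python is an added example, not part of the original posts; the addresses (192.168.1.0/24, 203.0.113.10) are constructed documentation values and the function names are hypothetical.

```python
import ipaddress
import socket

# Constructed sample values (documentation ranges), not taken from the thread.
LAN_CIDR = "192.168.1.0/24"
WAN_IP = "203.0.113.10"


def classify_path(client_ip, resolved_ip, lan_cidr=LAN_CIDR, wan_ip=WAN_IP):
    """Name the route a client takes to the address its DNS lookup returned."""
    lan = ipaddress.ip_network(lan_cidr)
    on_lan = ipaddress.ip_address(client_ip) in lan
    target = ipaddress.ip_address(resolved_ip)
    if target in lan:
        # Internal answer: fine on LAN, useless if cached and carried outside.
        return "direct" if on_lan else "stale-internal-answer"
    if target == ipaddress.ip_address(wan_ip):
        # A LAN client aiming at the WAN address must be turned around by the firewall.
        return "hairpin" if on_lan else "port-forward"
    return "unrelated"


def probe(host, port, timeout=4.0):
    """TCP connect test, the same check as `nc -z -w4 host port`."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(path, connected):
    """Map the route and the probe result to the setting that needs attention."""
    if path == "hairpin":
        return ("NAT reflection is working" if connected
                else "enable NAT reflection on the port forward, or add a split-DNS override")
    if path == "direct":
        return ("split DNS is working" if connected
                else "check the service and host firewall on the LAN address")
    if path == "port-forward":
        return ("port forward is working" if connected
                else "check the WAN port forward and its firewall rule")
    if path == "stale-internal-answer":
        return "flush the client DNS cache"
    return "name does not point at this site"


if __name__ == "__main__":
    # Laptop on LAN, public name resolves to the WAN address, connect times out:
    print(diagnose(classify_path("192.168.1.50", WAN_IP), connected=False))
```

The `stale-internal-answer` case is the caveat with split DNS on a roaming laptop: an internal answer cached while on LAN will not reach the service once the laptop is outside.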

