Accessing my own backup service
I'm trying to access my own backup service from LAN with the IP:port of the WAN side. The port seems to be closed from inside my LAN, but not from outside. I'm doing this because I want to configure the backup client with external IP and port, so the backup works when I'm using my laptop outside my LAN.
Do I have to add any rule in pfSense to get this working?
(numbers are changed)
- External IP:
- Port exposed by router on WAN side: 12345. Including NAT rule.
- The backup service running on LAN with IP
- The backup client on laptop is configured to use 184.108.40.206:12345 (External IP) when connecting to the backup service.
What is happening?
- The port 12345 is accessible from internet. Tested from ShieldsUP
- The backup client fails to connect to the backup service when the laptop is on LAN.
- The backup client can connect and backup when the laptop is using VPN.
- I can see the traffic (in pfSense webUI) from my laptop on LAN being passed to the external IP 220.127.116.11:12345 by this rule:
- For some reason the ports 22, 80, 443 (maybe more) are reported as open from pfSense Command Prompt, but on ShieldsUP they are stealth:
    $ nc -z -v -w4 18.104.22.168 12345
    connect to 22.214.171.124 port 12345 (tcp) failed: Operation timed out
    $ nc -z -v -w4 126.96.36.199 80
    Connection to 188.8.131.52 80 port [tcp/http] succeeded!
- A similar setup is working on another site, but with an Unifi-router and another ISP. Only with port forwarding rules on the router.
Thank you! Tomas
The correct way to do this is using a hostname and split DNS so it resolves to the internal IP when you're on LAN, but you can also just enable NAT reflection.
Solved it by enabling NAT reflection on the port forward rule.
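A check for the two options named in the answer, as an added example that is not part of the original posts: run from the laptop, it reports whether the backup hostname resolves to a LAN address (split DNS) or to the WAN address (which needs NAT reflection from inside), and whether the port answers. The hostname `backup.example.com` and all addresses are constructed placeholders.

```python
import ipaddress
import socket

# RFC 1918 ranges; a name resolving into one of these means split DNS is in effect.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan_address(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def tcp_open(addr, port, timeout=4.0):
    """Same check as `nc -z -w4 addr port`: does a TCP connect succeed?"""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # covers timeouts and refused connections
        return False

def diagnose(host, port, resolve=socket.gethostbyname, probe=tcp_open):
    """Classify how this client reaches the service and suggest the next step."""
    addr = resolve(host)
    reachable = probe(addr, port)
    if is_lan_address(addr):
        path = "lan"   # split DNS: traffic never touches the WAN address
        advice = "check the service and host firewall on the LAN server"
    else:
        path = "wan"   # hairpin: from inside the LAN this needs NAT reflection
        advice = "enable NAT reflection on the port forward or add a split-DNS override"
    return {"address": addr, "path": path, "reachable": reachable,
            "advice": None if reachable else advice}

if __name__ == "__main__":
    # Constructed scenario matching the thread: on LAN, the name resolves to
    # the WAN address and the connection times out (no NAT reflection yet).
    before = diagnose("backup.example.com", 12345,
                      resolve=lambda h: "203.0.113.10",
                      probe=lambda a, p: False)
    # Constructed scenario with a split-DNS host override in place.
    after = diagnose("backup.example.com", 12345,
                     resolve=lambda h: "192.168.1.50",
                     probe=lambda a, p: True)
    print(before)
    print(after)
```

Calling `diagnose("your.hostname", 12345)` without the `resolve` and `probe` arguments uses the system resolver and a real TCP connect.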