NAT Reflection only working after adding NAT rule on LAN interface too
Hi guys,
I have run into the following issue on pfSense (this one is on 2.4.4-p3, but I have seen the same issue happen on other ones as well). It's a typical scenario where you need NAT reflection (split DNS is not an option, as another party manages the DNS for this network and they are not up for making that change):
Basically, the network behind the pfSense has IP cameras that need to be reachable via one of the virtual IPs on the firewall. However, from the inside they cannot reach them. When we test from a local subnet behind the pfSense, this seems to be correct, and does not work (I'll omit some IPs for obvious reasons):
<cpe>telnet vpn-instance <omitted> -a 10.10.14.1 <virtual ip> 8080
Press CTRL_] to quit telnet mode
Trying <omitted> ...
Error: Can't connect to the remote host

This is simply configured with a NAT port forward on the WAN interface, from the virtual IP to the internal IP.
If I enable NAT Reflection on this rule, it changes nothing and I get the same end result.
If I, however, add the following rule on the LAN interface (notice the lack of a filter rule, by the way), it works:
<cpe>telnet vpn-instance <omitted> -a 10.10.14.1 <virtual ip> 8080
Press CTRL_] to quit telnet mode
Trying <virtual ip> ...
Connected to <virtual ip> ...

And on the pfSense in the States table:
States
LAN tcp 10.10.14.1:63169 -> 10.14.14.56:8080 (<virtual ip>:8080) ESTABLISHED:ESTABLISHED 3 / 2 133 B / 84 B

So it seems I never got NAT reflection working as it should. Can anyone explain to me what I am missing, or why it actually works when I add the rule on the LAN interface above? I would love to know how to configure it properly.
And if I need to provide more information, I'm happy to do so, obviously!
Thanks in advance! :)
edit: formatting
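The state line quoted above (`LAN tcp 10.10.14.1:63169 -> 10.14.14.56:8080 (<virtual ip>:8080)`) is what pf shows when a destination rewrite (an `rdr` rule) matched on the LAN interface: the original destination, the VIP, is kept in parentheses. That is exactly what a port forward defined only on WAN can never produce for inside clients, because `rdr on $wan_if` is evaluated only for packets arriving on WAN. The following hand-written pf.conf fragment, added here as an illustration and not taken from the post or from pfSense's generated ruleset, shows the WAN-only forward next to the two rules that make reflection work for internal hosts. The interface names (`em0`, `em1`), the LAN subnet, the camera address taken from the state line, and the VIP placeholder are assumptions.

```pf
# Added example, not the original poster's configuration and not the rules
# pfSense generates; interface names, subnets and the VIP are assumptions.
wan_if  = "em0"
lan_if  = "em1"
lan_net = "10.10.14.0/24"      # assumption: the test host 10.10.14.1 sits here
camera  = "10.14.14.56"        # internal camera address from the state line
vip     = "203.0.113.10"       # placeholder for the <virtual ip> in the post

# 1. The port forward as defined on WAN. It matches only packets that arrive
#    on $wan_if, so a LAN client connecting to $vip:8080 is never translated
#    and the SYN is dropped or routed out to the Internet.
rdr on $wan_if proto tcp from any to $vip port 8080 -> $camera port 8080

# 2. NAT reflection ("Pure NAT" style): repeat the destination rewrite for
#    packets arriving on the internal interface. This is what produces a
#    state of the form  src -> 10.14.14.56:8080 (vip:8080)  on LAN.
rdr on $lan_if proto tcp from $lan_net to $vip port 8080 -> $camera port 8080

# 3. Hairpin source NAT, needed only when client and camera can reach each
#    other without crossing the firewall: without it the camera replies to
#    the client's real address directly, pf only ever sees the SYN, and the
#    connection stalls. Rewriting the source to the firewall's LAN address
#    forces the reply back through pf so the state completes.
nat on $lan_if proto tcp from $lan_net to $camera port 8080 -> ($lan_if)

# 4. rdr only translates; a filter rule must still pass the translated
#    traffic. The filter sees the post-rdr destination, i.e. the camera.
pass in quick on $lan_if proto tcp from $lan_net to $camera port 8080
```

When checking a box like the one in the post, the useful comparison is between the rdr rules actually loaded (`pfctl -sn`) and the interface the test traffic enters on: if the only rdr for port 8080 names the WAN interface, reflection is not in effect for that client regardless of what the GUI checkbox says, and the LAN-side rule that made things work is simply supplying rule 2 by hand.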