NAT virtual LAN IP -> LAN-IP on different Port
-
I have a Server with multiple Webservices reachable from the Internet using NAT on multiple ports using multiple IPs like this:
WAN IP 1:443 -> LAN IP 1:4444
WAN IP 2:443 -> LAN IP 1:443
now I also want to be able to connect using the same link from inside the Network like this:
virtual LAN IP (on pfSense):443 -> LAN IP 1:4444
virtual LAN IP (on pfSense):443 -> LAN IP 1:443
my config:
virtual CARP-IP on LAN-Interface which resides inside my LAN.
Port-Forwarding on LAN-Interface using CARP-IP:443 -> LAN IP 1:4444
I can access pfSense using this virtual IP from LAN on Port 8443 but not my Service on LAN IP 1:4444
What am I doing wrong?
I know this is possible using HAproxy but I want a direct connection if possible.
-
@uz890ed said in NAT virtual LAN IP -> LAN-IP on different Port:
I know this is possible using HAproxy but I want a direct connection if possible.
That's not possible. You cannot access the destination host directly this way. You're calling the pfSense's virtual IP, so that's not direct.
pfSense may forward the packets to the destination host, but responses will go back directly to the requesting host, so you will have asymmetric routing.
You can use NAT reflection instead. However, that will also not be direct; access will come from pfSense, same as with HAProxy.
Best practice is accessing the services by host names and setting up host overrides for them.
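The packet flow described in the reply above, modelled as an added example that is not part of either post. All addresses are constructed, the server's default gateway is assumed to be pfSense, and the `source_nat` flag stands in for access that "will come from pfSense"; the off-LAN client case goes slightly beyond the thread to show that the problem is specific to clients on the server's own segment.

```python
import ipaddress
from typing import NamedTuple

# Constructed addresses for illustration; the thread gives none.
LAN = ipaddress.ip_network("192.168.1.0/24")
FW_LAN = "192.168.1.1"    # pfSense LAN interface (assumed default gateway)
VIP = "192.168.1.254"     # virtual (CARP) IP on the LAN interface
SERVER = "192.168.1.10"   # "LAN IP 1"


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


def simulate(client: str, source_nat: bool) -> dict:
    """Follow one request to VIP:443 and the reply the client receives."""
    request = Packet(client, 50000, VIP, 443)
    # Port forward on pfSense: destination becomes SERVER:4444.
    # With source_nat the source is rewritten to the firewall as well.
    src = FW_LAN if source_nat else request.src
    forwarded = Packet(src, request.sport, SERVER, 4444)
    # The server answers whatever source address it saw.
    reply = Packet(SERVER, 4444, forwarded.src, forwarded.sport)
    # Replies addressed to the firewall, or leaving the LAN through the
    # gateway, pass pfSense; replies to a LAN neighbour are sent directly.
    via_firewall = (reply.dst == FW_LAN
                    or ipaddress.ip_address(reply.dst) not in LAN)
    if via_firewall:
        # The firewall's state entry reverses the translation.
        reply = Packet(VIP, 443, request.src, request.sport)
    # The client only accepts an answer from the address:port it contacted.
    accepted = (reply.src, reply.sport) == (request.dst, request.dport)
    return {"reply_from": f"{reply.src}:{reply.sport}",
            "via_firewall": via_firewall, "accepted": accepted}


if __name__ == "__main__":
    cases = [("LAN client, port forward only", "192.168.1.50", False),
             ("LAN client, source rewritten", "192.168.1.50", True),
             ("client on another subnet", "10.0.0.50", False)]
    for label, client, snat in cases:
        print(f"{label}: {simulate(client, snat)}")
```
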