Access external pfsense IP/DDNS

chudak

I am sure it's been asked many times, but here it goes again :)

If I have an external IP xx.yy.zz that is assigned to my pfsense router and I'd like to access it from my local network - can be it done?

An example would be Plex or Emby server access.

Thx

viragomann

@chudak
Any IP assigned to any pfSense interface can be accessed from any connected network, presupposed your firewall rules allows it.

However, consider that in case of NAT port forwarding the rule is only applied on the interface it is assigned to naturally. Indeed you're not accessing pfSense here, but a device behind it.
So if applicable you need to enable NAT reflection.

chudak

@viragomann said in Access external pfsense IP/DDNS:

you need to enable NAT reflection

I've never used it before. How exactly can I do it?

Thx for the reply!

viragomann

@chudak
Edit the respective NAT rule, go down to "NAT reflection".

If client and server are in different network segments "pure NAT" should do the job. If both are within the same subnet you possibly need the proxy mode.

chudak

@viragomann

Apparently, I had "pure NAT" enable and also tried "NAT proxy" and in both cases could not connect to emby via emby.media call (if you are familiar with this) :(

viragomann

@chudak
No. Maybe it depends also on other properties.
"NAT + proxy" also doesn't work for all traffic.

Since you mentioned DDNS in the topic I assume you are accessing the resource using an host name. So if you use an internal DNS on pfSense you'd better add a host override for it pointing to the internal IP.

chudak

@viragomann said in Access external pfsense IP/DDNS:

you'd better add a host override for it pointing to the internal IP

Well I know it will work, but I wanted to use the external IP/DDNS

Anyway, I think it's more than only pfsense involved here, that you!

viragomann

@chudak said in Access external pfsense IP/DDNS:

but I wanted to use the external IP/DDNS

Not clear, why.

You have a dynamic public IP and a static hostname pointing to it.
So for internal purposes you can override it with a static internal IP and every time an internal clients is resolving the hostname, he will get the internal IP for it.
There is no need to get the dynamic IP at all.

chudak

@viragomann

yes, you are correct. But I needed to test from my local net an ability to connect via an external hit.

So it's not a 'make it work case' but more a testing case

viragomann

@chudak said in Access external pfsense IP/DDNS:

But I needed to test from my local net an ability to connect via an external hit.

Forget it!
When you access the public IP from inside, the traffic never passes the WAN interface. Hence, NAT and filter rules are NOT applied to it.

If you want to test the access from the internet use a device outside your local network.

chudak

@viragomann
yes yes
my idea from the beginning was faulty