NAT Reflection and VLANs
I'm new to the entire VLAN thing, so please bear with me on this one. I just got my 2100 and have everything set up and for the most part functional.
Administrative VLAN1 - 192.168.10.0/24
IoT VLAN30 - 192.168.30.0/24
Guest VLAN40 - 172.16.40.1/24
I did the inverse match on the firewall rules blocking access to the Administrative LAN from either VLAN30 or VLAN40. I am unable to ping from VLAN30 to VLAN1.
On the Administrative LAN sits my unRAID server running a few docker containers that are open to the internet using a reverse proxy, so port 80 and 443 are open to the outside.
When I'm outside my network, I connect to them using my subdomains, e.g. emby.NotMyDomain.com or nextcloud.NotMyDomain.com.
Here is what I'm not sure about and was hoping someone could explain to me. unRAID runs an emby server, and when the endpoints are able to reach the server across the LAN it does a direct stream, sending the media 1:1. When you're outside the LAN it transcodes based on the available or assigned bandwidth.
I moved one of my NVIDIA Shields to VLAN30. I would have thought that it would attempt to transcode the stream and I'd need to allow some sort of traffic through to VLAN1, but it started direct streaming.
Is the NAT reflection smart enough to realize that NotMyDomain resolves to a server behind the pfSense box and sends the traffic from the Shield through port 443?
I'm just trying to wrap my head around how the traffic is getting past the firewall rule blocking all traffic from VLAN30 to VLAN1.
Thanks!
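The question above comes down to rule ordering: pf applies NAT reflection (an rdr rule) before the filter rules are evaluated, so the block rule sees the rewritten destination, and whether it fires depends on what pass rules sit in front of it. The following is an added example, not code from the post or from pfSense, that models that evaluation order offline. The addresses 203.0.113.10, 192.168.10.50 and 192.168.30.20 are constructed stand-ins (the post only gives the subnets), and the automatically generated pass rule for the reflected port forward is an assumption for illustration, which is exactly the thing to confirm on the real box.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed sample addresses, not taken from the post (it only gives the subnets):
WAN_IP = "203.0.113.10"      # stands in for the public address NotMyDomain.com resolves to
SERVER = "192.168.10.50"     # hypothetical unRAID host on VLAN1
SHIELD = "192.168.30.20"     # hypothetical Shield on VLAN30


@dataclass(frozen=True)
class Packet:
    iface: str              # interface the packet arrives on, e.g. "vlan30"
    proto: str              # "tcp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


# rdr rule:    (interface, proto, original destination, port, new destination)
# filter rule: (action, interface, proto or "any", source net, destination net, port or None)


def apply_rdr(pkt: Packet, rdr_rules) -> Packet:
    """pf rewrites the destination (rdr) BEFORE the filter rules are evaluated."""
    for iface, proto, match_dst, port, new_dst in rdr_rules:
        if (pkt.iface, pkt.proto, pkt.dst, pkt.dport) == (iface, proto, match_dst, port):
            return replace(pkt, dst=new_dst)
    return pkt


def evaluate_filter(pkt: Packet, filter_rules) -> str:
    """First match wins, like 'quick' rules on a pfSense interface tab; default deny."""
    for action, iface, proto, src_net, dst_net, port in filter_rules:
        if iface != pkt.iface:
            continue
        if proto != "any" and proto != pkt.proto:
            continue
        if ip_address(pkt.src) not in ip_network(src_net):
            continue
        if ip_address(pkt.dst) not in ip_network(dst_net):
            continue
        if port is not None and port != pkt.dport:
            continue
        return action
    return "block"


def trace(pkt: Packet, rdr_rules, filter_rules) -> Tuple[str, str]:
    """Return (destination as seen by the filter, verdict)."""
    after_nat = apply_rdr(pkt, rdr_rules)
    return after_nat.dst, evaluate_filter(after_nat, filter_rules)


# Reflection of the 443 port forward onto VLAN30: traffic from VLAN30 aimed at the
# WAN address on 443 is redirected to the server on VLAN1.
REFLECTION_RDR = [("vlan30", "tcp", WAN_IP, 443, SERVER)]

# User rules as described in the post: block VLAN30 -> administrative LAN, allow the rest.
USER_RULES = [
    ("block", "vlan30", "any", "192.168.30.0/24", "192.168.10.0/24", None),
    ("pass", "vlan30", "any", "192.168.30.0/24", "0.0.0.0/0", None),
]

# Assumption for illustration: the reflected port forward comes with an automatically
# generated pass rule that is evaluated before the user rules.
REFLECTION_PASS = [("pass", "vlan30", "tcp", "0.0.0.0/0", SERVER + "/32", 443)]

https_via_domain = Packet("vlan30", "tcp", SHIELD, WAN_IP, 443)   # Shield -> emby.NotMyDomain.com
ping_to_server = Packet("vlan30", "icmp", SHIELD, SERVER)          # Shield -> 192.168.10.50


def with_auto_pass_rule() -> Tuple[str, str]:
    return trace(https_via_domain, REFLECTION_RDR, REFLECTION_PASS + USER_RULES)


def without_auto_pass_rule() -> Tuple[str, str]:
    return trace(https_via_domain, REFLECTION_RDR, USER_RULES)


def ping_result() -> Tuple[str, str]:
    return trace(ping_to_server, REFLECTION_RDR, USER_RULES)


if __name__ == "__main__":
    print("HTTPS via domain, auto pass rule present:", with_auto_pass_rule())
    print("HTTPS via domain, user rules only:       ", without_auto_pass_rule())
    print("ICMP echo straight to the server:        ", ping_result())
```

The three traces show the two possible answers side by side: the ping is never rewritten and hits the block rule, while the reflected HTTPS request arrives at the filter already addressed to 192.168.10.50 and is either passed by a rule in front of the block, or blocked if no such rule exists. To see which case applies on a real pfSense box, compare the loaded ruleset rather than the GUI tabs: `pfctl -sn` lists the NAT and rdr rules and `pfctl -sr` the filter rules in evaluation order, and /tmp/rules.debug holds the generated ruleset. If the intent is that VLAN30 must never reach the server, the reflected port forward has to be restricted explicitly rather than assumed to be covered by the LAN-net block rule.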