1:1 Nat routing back to firewall
-
@viragomann That did not help either. It is still ending up at the firewall itself.
-
@trever
Consider clearing the DNS cache on the client.
-
I have tried that as well. If I ssh to the external IP I end up at the firewall. If I ssh to the internal IP I get to the server I am trying to get to. So it appears to be an issue at the firewall and not in DNS.
-
@trever On the 1:1 NAT entry settings page, is "NAT reflection" enabled?
-
@steveits It is set to Use System Default
-
@trever And in System/Advanced/Firewall & NAT, is reflection enabled? Enabling it there enables it for all NAT rules.
Reflection allows using NAT forwards from LAN.
See the note towards the end of this section:
https://docs.netgate.com/pfsense/en/latest/nat/1-1.html#configuring-1-1-nat
-
@steveits Neither of these options is checked:
Enable NAT Reflection for 1:1 NAT
Enable automatic outbound NAT for Reflection
-
@trever said in 1:1 Nat routing back to firewall:
If I ssh to the external ip I end up at the firewall.
I see, so that has nothing to do with either DNS host overrides or NAT reflection.
When you ssh to a public IP and get to pfSense, the only reason I can think of is that the packets are redirected somehow.
Are there any port forwards on the internal interface?
-
@viragomann But he's trying to access the WAN IP from LAN. That seems to me like it needs reflection to work. NAT rules on WAN would only apply to packets arriving from the Internet.
-
@steveits said in 1:1 Nat routing back to firewall:
But he's trying to access the WAN IP from LAN. That seems to me like it needs reflection to work.
Yes, you're right. I didn't read correctly.
@trever
But why are you using the external IP for accessing an internal device? The suggested way is to access it using an FQDN together with internal DNS host overrides. So from within your network the FQDN is resolved to the internal IP and accessing it should work without NAT reflection.