Netgate Discussion Forum
    Cannot access own public IP in 1:1 NAT

    5 Posts 2 Posters 585 Views
    • beefer

      Hi,

      I have a DMZ network that has only one machine and 1:1 NAT set up for its public IP. This setup works; even NAT reflection works flawlessly from other LANs. The only thing I can't do is access the public IP from the server it is designated to.
      I use 'proxy arp' for virtual ip.
      Let's say:

      • x.y.z.z is the virtual IP
      • a.b.c.d is the DMZ lan IP

      I can curl x.y.z.z from anywhere. But when I run curl on the a.b.c.d host it does not work - like the traffic is not reflected back to the same host.

      • beefer @beefer

        When I disable NAT reflection the machine is able to access its own IP address again.

        • beefer @beefer

          I used this workaround:
          I changed 1:1 NAT mapping to exclude a.b.c.d IP and use reflection. I then cloned the mapping and changed it only to include this a.b.c.d IP and disable reflection. And this works. Any better way to do this? I'm kinda walking a thin line of not knowing entirely what I'm doing here ;)

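The split-mapping workaround from the post above, modelled as an added example (this is not pfSense code, and it does not reproduce pf rule syntax): two 1:1 NAT entries for the same virtual IP, one covering every internal source except the DMZ host with reflection enabled, and a cloned one covering only the DMZ host with reflection disabled. The first-match evaluation order, the `invert_source` flag standing in for the "exclude a.b.c.d" part of the configuration, and the RFC 5737 / RFC 1918 placeholder addresses are all assumptions made for illustration; the model goes slightly beyond the thread in that it can be queried for any internal source, which is useful for checking that the two entries neither overlap nor leave a gap.

```python
"""Toy model of how 1:1 NAT entries with a source match and a per-entry
NAT reflection flag are selected for a packet heading to a public VIP.
Added example, not pfSense's own code: first-match semantics, the
invert_source flag and the addresses below are assumptions for illustration."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Iterable, Optional

# Constructed placeholder addresses standing in for the thread's
# x.y.z.z (public virtual IP) and a.b.c.d (the DMZ host).
PUBLIC_VIP = ip_address("203.0.113.10")   # x.y.z.z
DMZ_HOST = ip_address("172.16.50.10")     # a.b.c.d
LAN_CLIENT = ip_address("10.0.1.5")       # a client on another internal LAN
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class OneToOne:
    """One 1:1 NAT entry: external VIP <-> internal host, a source match
    (optionally inverted, i.e. 'everything except'), and a reflection flag."""
    external: IPv4Address
    internal: IPv4Address
    source: IPv4Network            # which internal sources this entry covers
    invert_source: bool = False    # True = match sources NOT in `source`
    reflection: bool = True        # NAT reflection enabled for this entry

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        if dst != self.external:
            return False
        in_source = src in self.source
        return (not in_source) if self.invert_source else in_source


def select_entry(entries: Iterable[OneToOne], src: IPv4Address,
                 dst: IPv4Address) -> Optional[OneToOne]:
    """Return the first entry whose external address and source match
    (assumed first-match evaluation)."""
    for entry in entries:
        if entry.matches(src, dst):
            return entry
    return None


def reflected_destination(entries: Iterable[OneToOne], src: IPv4Address,
                          dst: IPv4Address) -> IPv4Address:
    """Where internal traffic from `src` to `dst` ends up: the internal host
    if a matching entry has reflection enabled, otherwise `dst` unchanged."""
    entry = select_entry(entries, src, dst)
    if entry is None or not entry.reflection:
        return dst
    return entry.internal


# Original single-entry setup from the first post: one mapping, reflection on.
ORIGINAL = [OneToOne(PUBLIC_VIP, DMZ_HOST, ANY, reflection=True)]

# Workaround from the third post: the general entry excludes a.b.c.d and keeps
# reflection; a cloned entry covers only a.b.c.d with reflection disabled.
DMZ_HOST_ONLY = ip_network(f"{DMZ_HOST}/32")
WORKAROUND = [
    OneToOne(PUBLIC_VIP, DMZ_HOST, DMZ_HOST_ONLY, invert_source=True, reflection=True),
    OneToOne(PUBLIC_VIP, DMZ_HOST, DMZ_HOST_ONLY, invert_source=False, reflection=False),
]


def describe(entries: Iterable[OneToOne], src: IPv4Address) -> str:
    """Human-readable summary of how `src` reaches the VIP under `entries`."""
    dst = reflected_destination(entries, src, PUBLIC_VIP)
    outcome = "not reflected" if dst == PUBLIC_VIP else f"reflected to {dst}"
    return f"{src} -> {PUBLIC_VIP}: {outcome}"


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("workaround", WORKAROUND)):
        print(name)
        for client in (LAN_CLIENT, DMZ_HOST):
            print("  " + describe(rules, client))
```

Under the original single entry every internal source, the DMZ host included, has its traffic to the VIP reflected; under the split entries the LAN client is still reflected while the DMZ host's own traffic to the VIP falls through to the reflection-disabled entry, which is the behaviour the poster reports as working.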
          • SteveITS @beefer

            @beefer I don't recall whether we tried that in our setup. We use split DNS instead.

            Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
            Upvote 👍 helpful posts!

            • beefer @SteveITS

              @steveits thanks for the reply :) Split DNS won't help in this case since the service is using IPv4 only. But the fix above seems to work :)

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.