    Access servers behind firewall by local clients

      ASGR71 last edited by ASGR71

      Hi Guys,

      I have two SG1100 connected in series:

      INTERNET
      |
      V
      PRIMARY SG1100 -> SWITCH -> GENERAL CLIENTS
                        |
                        V
                        SECONDARY SG1100 -> SWITCH -> SERVERS     
      

      Probably not the best setup but options are limited.
      The Primary, connected to the internet, connects all general machines.
      The Secondary, connected to the Primary, connects all the servers for an additional level of security.

      I managed to forward connections from an external WAN connection through the Primary to the Secondary to a PLEX server as per the following 'How To' https://portforward.com/help/doublerouterportforwarding.htm and all works well...

      Unfortunately, I'm having problems trying to forward local clients on the Primary to the servers on the Secondary.

      I'd like to access my PLEX server by other devices on the Primary and realise that I need other ports forwarded (i.e. https://support.plex.tv/articles/201543147-what-network-ports-do-i-need-to-allow-through-my-firewall/) but I don't know how to port-forward correctly for local clients. All infrastructure IP addresses are static.

      Can someone direct me to the correct manual page / external link / give example / or menu option location?

      Thanks.

        SteveITS @ASGR71 last edited by

        @asgr71 Did you enable NAT Reflection on each of the NAT rule(s) on PRIMARY? If not, requests from GENERAL CLIENTS would not use NAT and requests to the WAN IP of PRIMARY would not reflect back in.

        You could also use split DNS so GENERAL CLIENTS directly use the WAN IP address of SECONDARY.

        Steve

        Only install packages for your version, or risk breaking it. If yours is older, select it in System/Update/Update Settings.
        When upgrading, let it finish; do not reboot early. Allow 10-15 minutes, or more depending on packages and device speed.

          ASGR71 last edited by

          Thanks Steve!

          Finally got the right option.
          Had to use NAT + Proxy.
