NAT question
-
@sudsmaker-0
Can you access the site locally? Need to make sure it's actually working first.
Then check to make sure the port is actually open and responding. Use a site like https://www.grc.com/shieldsup to test it. It should fail if it's working.
Last resort, do a packet capture on the WAN while trying to access it from OFFSITE to ensure the packets are actually getting there.
Posting pics of the NAT and rules would help.
-
@sudsmaker-0 If you are trying to connect to the WAN IP of pfSense from its LAN you need to enable NAT reflection on that NAT rule.
-
@jarhead Yeah, I can get to the site internally.
-
@sudsmaker-0 And did the rule get created correctly too?
Firewall/Rules/WAN.
-
@jarhead It does look like the firewall rules for WAN were properly created.
-
@jarhead I'm rather new to pfSense and don't really know what NAT reflection is or how to configure/check it.
-
@sudsmaker-0 Here is a very crude/elementary scenario
-
@sudsmaker-0 said in NAT question:
Here is a very crude/elementary scenario
Indeed, it is.
If you want the guys here to help you, you have to answer their questions and provide some details.
From where you can access the site, from where not?
The server IP in this graphic differs from the redirect target in the NAT rule.
You said, you can access it from internal. From where and how? By its IP or by the FQDN?
Is pfSense the default gateway in all involved network segments?
-
@sudsmaker-0 NAT reflection allows accessing a WAN IP NAT port forward from LAN or other networks. It is set here on the NAT rule:
https://docs.netgate.com/pfsense/en/latest/nat/reflection.html
In your image, 172.0 is a public subnet...looks like AT&T's. Is that written correctly? If it was a private subnet (in 172.16/12) you'd need to uncheck the option "Block private networks and loopback addresses" on your WAN interface.
-
@sudsmaker-0 Did you try the Shields Up site?
Need to know if it's open or not.
-
@steveits This fixed the issue for me.
Thank you!