Trouble with HTTP in DMZ
I'm a longtime IPcop user that installed pfsense yesterday. My goal was to have the same setup as I had in IPcop and I almost succeeded but I have one major problem. Setup is very standard:
I have one Linux box (192.168.3.2) on the DMZ that hosts my webserver - it's only running Wordpress. I use DynDNS on the pfsense box. Now for the problem. My domain points to my DynDNS address which then serves the pages from Wordpress. A visitor will go like this:
This works fine. I can access the Linux box with its IP address. But there is one very important issue:
With IPcop I could enter the foobar.com or the dyndns.org address sitting in my LAN and access the box in the DMZ. This is important because Wordpress points all links to the dyndns address. It's impossible to enter the admin area if you can't reach the server by its dyndns address. With PFsense this is not possible… the connection has a timeout.
It would be possible to reach the admin area with a proxy server on the Internet but that's a security risk. How can I fix this? In IPcop it's "standard" after the setup... I have no idea how to do this with pfsense.
Turn on NAT reflection at System > Advanced in the webgui (at the very bottom).
Yes! Well, that was easy :D
Is there any security implication with this setting?
I think I'll stay with pfsense for a while, runs very well and the traffic shaper really works.
There is no security issue with that feature, as it just enables a proxy at your internal interface to reflect the connection back to your internal port-forwarded client. It puts a little bit more load on your device and uses a bit more RAM, but besides that there is no problem with that.