Netgate Discussion Forum

    NAT Reflection Issue with Dual WAN Setup in pfSense 2.7.2

      TonyArizin

      Hi everyone,

      I'm currently running pfSense 2.7.2 with a dual WAN setup:

      WAN1: Static IP
      WAN2: DHCP

      Gateway failover and redundancy are working fine. However, I'm facing an issue with NAT reflection.

      I’ve published a web service (e.g., netgate.com) using NAT port forwarding. External access works perfectly — users can reach the service via the domain name. But internally, when I try to access netgate.com, it fails unless I use the internal IP address directly.

      Initially, I created the NAT rules with “Filter rule association” set to “Add associated filter rule” (the default). But when I changed it to “Pass” or “None” and manually created the corresponding firewall rule, internal access started working as expected.

      So my question is:

      1. Is this behavior expected?
      2. Has anyone else experienced this issue?
      3. Is manually creating the firewall rule the correct solution, or is there a better way to handle NAT reflection in dual WAN setups?

      Any feedback or insights would be greatly appreciated!

      Thanks in advance.

        viragomann @TonyArizin

        @TonyArizin said in NAT Reflection Issue with Dual WAN Setup in pfSense 2.7.2:

        Initially, I created the NAT rules with “Filter rule association” set to “Add associated filter rule”

        This only adds a rule to the WAN. For access from inside your network using NAT reflection, you have to add a rule manually to the internal interface.

          TonyArizin @viragomann

          @viragomann

          The LAN rule already has the source set to all and all ports going out are open.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.