Port forward NAT + accessing NATed Services

  • I used port forward NAT in my DMZ because I have had no luck making 1:1 NAT work, and I have read that there is a workaround for accessing NATed services within the LAN, so I enabled NAT reflection on the advanced page. However, I still can't view the NATed services using their hostname or public IP, so I added an override for the said services on the DNS forwarder page, and now I'm able to access them via hostname/public IP. My question is: am I doing it right? Is this how it is supposed to be?


  • You have set up split DNS. This is one possible solution. However, NAT reflection with port forwards should have worked as well if set up correctly. I'm using NAT reflection to access hosts with port forwards to the DMZ from LAN at the office without issues.

  • So my configuration is OK? I have another question though, regarding 1:1 NAT: why is it that I am having a problem with the 1:1 setup? I can only access one of the websites, but not the other website we are hosting or the webmail interface of our mail server, although I have configured a DNS forwarder override for it.

  • 1:1 NAT doesn't work for NAT reflection but it should work with split DNS. When you say it doesn't work, do you mean for connections coming from WAN to your host or from LAN?

  • I can only access it via its NATed IP within the LAN, while I can only see one website from outside the LAN, while the webmail and another website are not accessible. Any ideas why?

  • My 1:1 NAT is working already. It seems odd because I just followed the documentation on m0n0wall; dunno why it doesn't work outright. I happened to browse the archive and saw one thread regarding issues with 1:1 NAT; his solution was to add a VIP, and voilà, it's now working for me. I also removed the entries in the DNS forwarding page for my port forwarding configuration. My pfSense configuration is now a combo of port forward and 1:1 NAT. Thanks for your pointers hoba, you're a great help :)

  • You always need a VIP to make use of additional IPs on an interface. It won't work without. This is something that is different from m0n0.
