Netgate Discussion Forum

    Port forward NAT + accessing NATed Services

    • jan.gestre

      I used port forward NAT in my DMZ coz I have no luck making 1:1 NAT work, and I have read that there is a workaround for accessing NATed services within the LAN, so I enabled NAT reflection on the advanced page. However, I still can't view the NATed services using their hostname or public IP, so I added an override for the said services on the DNS forwarder page, and now I'm able to access them via hostname/public IP. My question is: am I doing it right? Is this how it is supposed to be?

      TIA

      • hoba

        You have set up split DNS. This is one possible solution. However, NAT reflection with port forwards should have worked as well if set up correctly. I'm using NAT reflection to access hosts with port forwards to the DMZ from LAN at the office without issues.

        • jan.gestre

          So my configuration is OK? I have another question though regarding 1:1 NAT: why is it that I am having problems with the 1:1 setup? I can only access one of the websites, but not the other website we are hosting and the webmail interface of our mail server, although I have configured a DNS forwarder override for it.

          • hoba

            1:1 NAT doesn't work for NAT reflection but it should work with split DNS. When you say it doesn't work, do you mean for connections coming from WAN to your host or from LAN?

            • jan.gestre

              I can only access it via its NATed IP within the LAN, while I can only see one website from outside the LAN, while the webmail and another website are not accessible. Any ideas why?

              • jan.gestre

                My 1:1 NAT is working already. It seems odd coz I just followed the documentation on m0n0wall, dunno why it doesn't work outright. I happened to browse the archive and saw one thread regarding issues with 1:1 NAT; his solution was to add a VIP, and voilà, it's now working for me. I also removed the entries in the DNS forwarding page for my port forwarding configuration. My pfSense configuration is now a combo of port forward and 1:1 NAT. Thanks for your pointers hoba, you're a great help :)

                • hoba

                  You always need a VIP to make use of additional IPs on an interface. It won't work without. This is something that is different from m0n0.
