NATted Windows server doesn't see itself
I'm not sure which part of the forum is best, so I'll leave it here.
There are several servers, some Linux and some W2003/2008 servers, behind a pfSense with failover setup and NAT.
The x-servers can reach or see themselves (ping from console to hostname or public IP); the Windows servers can't.
Is that normal, or what can I do to let it see itself?
Thanks for all hints.
Search the forum for "NAT reflection", where you'll find a number of threads with the solution - assuming of course that the Windows servers are trying to access them with the public IP addresses.
Thanks for pointing me to NAT reflection.
Let me have a few words more about the issue.
We had our setup with ONE pfSense for about 2 years, the last version being 1.2.2. Last week we changed to a setup with TWO in failover mode, release 1.2.3, same rules, same 1:1 NATs, same VIPs, same automagically created outbound NAT for the internal LAN.
Now we have issues; they are all about servers not seeing themselves, IMAP webmail (Roundcube) doesn't work, and some similar things.
Is there a difference in handling NAT between 1.2.2 and 1.2.3?
And can we add some outbound NATs "on top" of our normal 1:1 NATs without breaking the pfSense?
The difference probably relates to the fact that you now have 2. Unfortunately with no meaningful details it's hard for anybody to help you.
How about a simple network diagram, showing IP addresses. We also need details of what you're doing when you say "servers don't see themselves".
ShadowFlare
There is currently no NAT reflection implementation for 1:1 NAT (one may make its way into 2.0, however). A workaround currently available is to enable NAT reflection and use port forwards for the ports you want to access, so that it makes NAT reflection rules on those ports.
Some more details about our issue:
2 pfSenses in failover mode/CARP
public IPs 2xx.xxx.xxx via VIP
All servers in the LAN are in 192.168.114.0
All servers have 1:1 NAT and specific rules.
Ping or traceroute from a server, say 192.168.114.5, to its public IP or its hostname doesn't work;
ping or traceroute to any other server in the same subnet, or from any other, is OK.
This has been the case since we changed from one standalone to two CARP pfSenses.
All other services are fine (there are web/mail/DB servers).
Hope this helps you to help.
Does it work if you use only the LAN IP addresses?
For the hosts that do work, are you using a public IP address or hostname when it works? What is different about the problem hosts? Are they running a different operating system, have a different default gateway, what?
ping or trace from one private IP to another: OK
OS: some Linuxes, Win 2003/2008
all have the same gateway, NS
all hosts have the same problem: they cannot see/ping themselves
all hosts can ping/see the others
kpa
If I were you I would set up split DNS and use only DNS names for accessing local services, not IP addresses:
So, it's only if they try to access their own public IP or hostname that there's a problem? If so, what is the problem? There's no reason for any host to do that in normal operation.
First: thanks for all answers!
We solved the problem with split DNS.
Why do we need this:
RedDot / OpenText needs it for the backend
Typo3 needs it to search content and produce new content out of it
The IMAP client RoundCube needs it for identification
Once again: thanks for all ideas!!
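The split DNS fix that kpa suggested and the original poster adopted, shown as an added example (not from this thread or from pfSense): a small split-horizon lookup with the thread's LAN (192.168.114.0/24) and a per-host 1:1 NAT table, plus a check for the hairpin case that needs NAT reflection. Hostnames and public addresses are constructed placeholders (the thread masks them as 2xx.xxx.xxx).

```python
import ipaddress

# Constructed values mirroring the thread: one LAN, one 1:1 NAT per host.
LAN = ipaddress.ip_network("192.168.114.0/24")

# hostname -> (private LAN address, public VIP it is 1:1 NATted to).
HOSTS = {
    "mail.example.test": ("192.168.114.5", "203.0.113.5"),
    "web.example.test": ("192.168.114.6", "203.0.113.6"),
}


def resolve(hostname, client_ip):
    """Split-horizon lookup: clients inside the LAN get the private
    address, everybody else gets the public (NATted) address."""
    private, public = HOSTS[hostname]
    if ipaddress.ip_address(client_ip) in LAN:
        return private
    return public


def resolve_public_only(hostname):
    """What a single public zone hands out to everyone (no split DNS)."""
    return HOSTS[hostname][1]


def hairpins(client_ip, dest_ip):
    """True when a LAN client targets a public address that is 1:1
    NATted back into the same LAN: that packet would have to loop
    through the firewall and needs NAT reflection to work."""
    publics = {pub for _, pub in HOSTS.values()}
    return ipaddress.ip_address(client_ip) in LAN and dest_ip in publics


def check_self_access(hostname, client_ip, split=True):
    """Return (address the client connects to, whether it hairpins)."""
    addr = resolve(hostname, client_ip) if split else resolve_public_only(hostname)
    return addr, hairpins(client_ip, addr)


def host_override_lines():
    """Lines for the LAN-side resolver (hosts-file style, 'ip name'),
    i.e. the overrides a split DNS setup publishes internally."""
    return sorted(f"{priv} {name}" for name, (priv, _) in HOSTS.items())
```

With a single public zone, a server resolving its own name from 192.168.114.5 gets 203.0.113.5 and hairpins; with the LAN overrides it gets 192.168.114.5 and never touches the NAT.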