    Multiwan + no web server access from LAN

    • PacDemon

      Hi all,
      I hope you can help me, because I am freaking out over my problem.

      I have 2 WAN connections.
      WAN1 has a static IP address (x.x.x.x)
      WAN2 has a dynamic IP address (y.y.y.y)

      From WAN1 I have port forwards to an internal server S1 on ports 8020 and 8383; S1 communicates out over the same IP as WAN1. If I now try to access the web server over these ports from an external IP address, like from my UMTS card, I can access the web page perfectly (http://x.x.x.x:8383).

      But if I try to access the IP address from the internal LAN with x.x.x.x:8383, I get this message in Firefox every time:
      ----------------------------------------------
      Secure Connection Failed

      An error occurred during a connection to x.x.x.x:8383.

      SSL received a record that exceeded the maximum permissible length.

      (Error code: ssl_error_rx_record_too_long)
      *  The page you are trying to view can not be shown because the authenticity of the received data could not be verified.

      *  Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

      What I really do not understand is why it works perfectly from an external IP address and not from an internal one.  >:(
      What can be happening???

      I really hope that someone can help out with this problem.

      Best PD

      • tommyboy180

        Try enabling NAT reflection.

        -Tom Schaefer
        SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

        Please support pfBlocker | File Browser | Strikeback

        • PacDemon

          @tommyboy180:

          Try enabling NAT reflection.

          Thanks for the hint. In my settings, I do not have "Disable NAT Reflection" activated.
          Same problem.

          NAT-Reflection.jpg

          • Boolah

            Is NAT reflection specifically enabled on your port forward rule?

            NATReflection.jpg

            • PacDemon

              @Boolah:

              Is NAT reflection specifically enabled on your port forward rule?

              Wow, I have never seen this option. I am using version 1.2.3. Maybe your picture is from version 2.0.

              How can I do this also in Version 2.0?

              Thanks Boolah.

              PD

              • Boolah

                You're right - that screen shot was from 2.0.  In 1.2.3, I think you'll need to recreate the forward after you change the NAT reflection setting on the advanced options page.  It's been a while since I ran 1.2.3…

                • PacDemon

                  @Boolah:

                  You're right - that screen shot was from 2.0.  In 1.2.3, I think you'll need to recreate the forward after you change the NAT reflection setting on the advanced options page.  It's been a while since I ran 1.2.3…

                  Hi,
                  First I deleted all rules, waited around 10 min and recreated all rules. But I get the same error again.
                  Attached are my FW rule and NAT rule.

                  Does anyone have more hints on how to fix it???

                  ![Screenshot - 24.08.2010 , 09_22_22.png](/public/imported_attachments/1/Screenshot - 24.08.2010 , 09_22_22.png)
                  Clip.png

                  • PacDemon

                    Now I have found why the NAT is not working, and I think it is a bug in pfSense 1.2.3.

                    It looks like the "NAT Port Forward" has problems with "Aliases" of type "PORTS".
                    I created an alias with 2 ports (80, 443) of type "Port(s)". I used this alias in my port forward rule.

                    When I then tried to reach the external IP from the internal network, it didn't work.

                    Now I have split the port forward rule into two rules without an alias, using port 80 for one rule
                    and 443 for the other. And now BINGO, it works: I can access a web page from the internal
                    network via the external address, which is port forwarded to our internal network.

                    I then tested this on another pfSense installation that we have in another location, and I can
                    reproduce the problem on that one too.

                    So it looks like version 1.2.3 has the bug with PORT ALIASES.

                    I hope this can help other users now.

                    Best,
                    PD
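
An added diagnostic example, not part of any post in this thread: Firefox's `ssl_error_rx_record_too_long` is what a TLS client reports when the first bytes it receives do not parse as a TLS record, which is what happens when a plaintext HTTP listener answers on the address and port being tested. The sketch below parses the first bytes of a reply the way a TLS client would, so the answer seen from the LAN can be compared with the answer seen from outside; the function names and sample byte strings are constructed for illustration.

```python
import socket
import struct

# Largest record length a TLS 1.2 client accepts (RFC 5246: 2^14 + 2048).
MAX_TLS_RECORD = 2**14 + 2048
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, app data

# Constructed sample replies (not captured from the systems in this thread).
SAMPLE_TLS_ALERT = b"\x15\x03\x03\x00\x02\x02\x46"
SAMPLE_HTTP_REPLY = b"HTTP/1.1 200 OK\r\n"


def parse_record_header(data: bytes):
    """Read the first 5 bytes as a TLS record header: type, version, length."""
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def classify(data: bytes) -> str:
    """Classify the first bytes a listener sent back."""
    hdr = parse_record_header(data)
    if hdr is None:
        return "no-data"
    if (hdr["type"] in TLS_CONTENT_TYPES and hdr["version"][0] == 3
            and hdr["length"] <= MAX_TLS_RECORD):
        return "tls"
    if data.startswith(b"HTTP/"):
        # "HTTP/" read as a record header has length 0x502F = 20527,
        # above MAX_TLS_RECORD: the "record too long" condition.
        return "plaintext-http"
    return "unknown"


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Send a plaintext HTTP request and classify the first bytes of the reply.

    Caveat: some HTTPS servers answer a plaintext request with a plaintext
    400 page, so "plaintext-http" is a prompt to look closer, not proof.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        try:
            data = s.recv(16)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return classify(data)
```

Running `probe()` against the forwarded address and port once from a LAN host and once from an outside host shows whether both paths reach the same kind of listener.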
