Problem with NAT reflection



  • Hi!
    I have a setup with out- and in- load balancing: 2 WAN + LAN (additionally one more firewall with DHCP) + DMZ.
    I can access from LAN to DMZ if I use IP,
    but I cannot access using DNS names.
    I turned on NAT reflection but it didn't help.
    I suppose that there are some problems with my firewall rules or routing.

    My LAN:
    Proto    Source   Port  Destination  Port  Gateway       Description
    *        LAN net  *     DMZ net      *     *             Default LAN -> any
    *        LAN net  *     *            *     Out Balancer  Default LAN -> any

    My DMZ:

           Proto    Source   Port           Destination      Port  Gateway         Description
    block  *        DMZ net  *              LAN net          *     *               DMZ > LAN
           TCP      DMZ net  *              200.100.68.0/24  *     202.145.68.174  FTP No load balancing
           TCP      DMZ net  20 - 21        *                *     200.200.30.113  FTP No load balancing
           TCP      DMZ net  60000 - 65000  *                *     200.200.30.113  Passive ports for ftp
           TCP/UDP  DMZ net  443 (HTTPS)    *                *     200.100.68.174  SSL port
           TCP/UDP  DMZ net  80 (HTTP)      *                *     200.100.68.174  httpd
           *        DMZ net  *              *                *     Out Balancer    DMZ > WAN

    Regards,
    Hans



  • See http://cvstrac.pfsense.com/tktview?tn=1138,6 for how to set up a workaround rule for this problem. At least for NAT reflection this should work for 1.0.1 without this rule, but you will need it for ftphelper anyway, so it won't hurt ;)

