Problem with NAT reflection
Hi!
I have a setup with outbound and inbound load balancing: 2 WAN + LAN (additionally one more firewall with DHCP) + DMZ.
I can access the DMZ from the LAN if I use the IP, but I cannot access it using DNS names.
I turned on NAT reflection but it didn't help.
I suppose there is some problem with my firewall rules or routing.

My LAN:

| Proto | Source | Port | Destination | Port | Gateway | Description |
|---|---|---|---|---|---|---|
| - | LAN net | * | DMZ net | * | * | Default LAN -> any |
| - | LAN net | * | * | * | Out Balancer | Default LAN -> any |

My DMZ:

| Proto | Source | Port | Destination | Port | Gateway | Description |
|---|---|---|---|---|---|---|
| block * | DMZ net | * | LAN net | * | * | DMZ > LAN |
| TCP | DMZ net | * | 200.100.68.0/24 | * | 202.145.68.174 | FTP No load balancing |
| TCP | DMZ net | 20 - 21 | * | * | 200.200.30.113 | FTP No load balancing |
| TCP | DMZ net | 60000 - 65000 | * | * | 200.200.30.113 | Passive ports for ftp |
| TCP/UDP | DMZ net | 443 (HTTPS) | * | * | 200.100.68.174 | SSL port |
| TCP/UDP | DMZ net | 80 (HTTP) | * | * | 200.100.68.174 | httpd |
| - | DMZ net | * | * | * | Out Balancer | DMZ > WAN |

Regards,
Hans

See http://cvstrac.pfsense.com/tktview?tn=1138,6 for how to set up a workaround rule for this problem. At least for NAT reflection this should work for 1.0.1 without this rule, but you will need it for ftphelper anyway, so it won't hurt ;)