Enabling Nat reflection causes problems

MaxFontana

Hi there.
I need to reach from my LAN the internal mail server (kerio) through it's public IP (need to setup an Iphone). From outside using the public IP or mail.hostname.com (which obviously resolves to the static IP)  just works fine but from inside my LAN, if I digit the public IP, I get the pfsense webaccess login mask. I then tried to enable the nat reflection but suddendly the http navigation got disabled. Every http requests pointed to the webmail login page of my mail server. The only way to access my pfsense was via local console.
Which other solution do you see? I'm trying with dns split but it doesen't seem to work at all!
Thanks in advance.
Max
Italy

GruensFroeschli

You also need/should move the port of the webinterface of the pfSense to a different port.

How did you configure your split-dns? (screenshots)

MaxFontana

Solved! I forgot to flag the register DHCP leases in DNS forwarder and register DHCP static mapping in DNS forwarder.
Thanks
Max

Supermule

I was about to say that….in 1.2.3 this causes no issues on port 80. It is also solved in the jan 18 snapshot if I recall correctly.