NAT Reflection or not



  • are there any good reasons to  Disable NAT Reflection ?

    I have always left it disabled.    How ever  I was testing enabling  Reflection  , which resulted in  bookmarks to our internal servers working on and off site.

    So is turning on nat reflection  bad for other reasons>



  • I found info about this in the  pfSense book on Page 104…  I'm not going to copy and paste from it... unless that is ok.

    get the book!



  • I'm waiting till the book for version 2 comes out.  Won't it be significantly different?
      -t-


  • Rebel Alliance Developer Netgate

    There will be quite a few differences in the 2.0 but the underlying fundamentals are the same.

    In the case of NAT reflection, it's still preferred to use split DNS instead of relying on reflection. Your internal devices should be talking directly to the internal IPs of the services, and not using the public IPs. There is more info on the doc wiki (check the link in my sig).


Locked