NAT Reflection or not
are there any good reasons to Disable NAT Reflection ?
I have always left it disabled. How ever I was testing enabling Reflection , which resulted in bookmarks to our internal servers working on and off site.
So is turning on nat reflection bad for other reasons>
I found info about this in the pfSense book on Page 104… I'm not going to copy and paste from it... unless that is ok.
get the book!
I'm waiting till the book for version 2 comes out. Won't it be significantly different?
There will be quite a few differences in the 2.0 but the underlying fundamentals are the same.
In the case of NAT reflection, it's still preferred to use split DNS instead of relying on reflection. Your internal devices should be talking directly to the internal IPs of the services, and not using the public IPs. There is more info on the doc wiki (check the link in my sig).