Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Access internal computers using external IP & ports?

    Scheduled Pinned Locked Moved NAT
    9 Posts 4 Posters 3.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jaykup
      last edited by

      How do I set this up?

      From external computer:
      <dyndns.org-domain>:3000 -> goes to pc1:3389
      <external-ip>:3000 -> goes to pc1:3389

      That works fine.

      But if I'm inside the network:
      <dyndns.orgdomain>:3000 -> times out
      <external-ip>:3000 -> times out
      pc1:3389 -> goes to pc1:3389

      How do I make pfsense loop back like that inside the network?</external-ip></dyndns.orgdomain></external-ip></dyndns.org-domain>

      1 Reply Last reply Reply Quote 0
      • R
        RpR
        last edited by

        I would like to know that too.
        I know that juniper has this default in there config.

        I do it using a dns. I just change the ip from what x.mydomain.com resolves to.

        Example test.domain.com –> XXX.XXX.XXX.XXX
        In my local dns it resolves to 192.168.1.1

        1 Reply Last reply Reply Quote 0
        • J
          jaykup
          last edited by

          Can you explain how you set that up?  Did you use the DNS Forwarder?

          1 Reply Last reply Reply Quote 0
          • M
            Metu69salemi
            last edited by

            You can create local dns entrys in your own dns server

            1 Reply Last reply Reply Quote 0
            • J
              jaykup
              last edited by

              But its the IP that doesn't seem to loop back.

              Accessing 24.34.44.54:8080 just times out inside the LAN.  Accessed from the WAN it forwards to the proper pc.

              For example:
              custom.dyndns.org -> 24.34.44.54
              pfsense -> 192.168.1.1

              So I go into my local DNS server and manually set:
              custom.dyndns.org -> 192.168.1.1

              pfsense forwards port 8080 to 192.168.1.20

              and I try to access custom.dyndns.org:8080 is going to point to pfsense:8080 not 192.168.1.20:8080

              does this mean I have to set my custom dns records for each pc?

              outside:
              custom1.dyndns.org -> 24.34.44.54
              custom2.dyndns.org -> 24.34.44.54
              custom3.dyndns.org -> 24.34.44.54

              inside:
              custom1.dyndns.org -> 192.168.1.20
              custom2.dyndns.org -> 192.168.1.21
              custom3.dyndns.org -> 192.168.1.22

              ?

              That seems like a really bad way of doing it…

              1 Reply Last reply Reply Quote 0
              • M
                Metu69salemi
                last edited by

                Only the machines you have to access via wan address.

                1 Reply Last reply Reply Quote 0
                • Cry HavokC
                  Cry Havok
                  last edited by

                  The problem you're facing is called NAT Reflection and if you search the forum you'll find more about how to deal with it.

                  1 Reply Last reply Reply Quote 0
                  • R
                    RpR
                    last edited by

                    To anyone who has problems with this:
                    http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

                    Sorry should had looked there. Btw another cool feature!!!

                    1 Reply Last reply Reply Quote 0
                    • J
                      jaykup
                      last edited by

                      @Cry:

                      The problem you're facing is called NAT Reflection and if you search the forum you'll find more about how to deal with it.

                      Wow, just one check box, thanks :)

                      That's exactly what I wanted to do.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.