Reach WAN with port forwarding from LAN
Hi to all, I need your help.
I have this scenario.
192.168.1.1<–--LAN-----> PFSENSE <-----WAN-----> 189.XXX.YYY.ZZZ
and I have some port redirections from WAN to some servers with ports like 8085, 8084 etc.
When I try to access the servers from another internet link (from outside world) I have no problem, forwarding works fine.
ej. http://189.XXX.YYY.ZZZ:8084 works fine from outside world
But when I try to access the servers from inside the LAN, I receive a timeout.
I have no firewall restriction from inside LAN to WAN.
What could be the problem?
thanks in advance.
Read up on NAT Reflection.
My apology, there was only a matter of little search in the forum.
this is the answer.
I have the samen problem. Regular internet ports from LAN to WAN do work. Internet to www sites.
Other special ports like 8080 or 2095 don't get out. I tried putting Reflection off it doesn't work.
It blocks on the LAN interface. Even when I allow the blocked traffic via Easyrule 8080 to any it doesn't work.
how did you made those rules? if you defined source port, then it's not going to work at most cases
For incoming NAT ports we worked with the NAT-rule and auto-create FW-rule. Now I found out our internal machines can't get out on 8080 or 2095, I tried adding manual rule in NAT of FW. Reflection checkbox is cleared.
Does this help?
I've got one machine who's only a simply pc for internet. No special port outgoing. He works fine through PFS.
Also I made a rule in LAN (FW) and gave a PC all ANY right to outside…. doesn't work. (attached)
![Schermafbeelding 2011-09-17 om 11.35.02.png](/public/imported_attachments/1/Schermafbeelding 2011-09-17 om 11.35.02.png)
![Schermafbeelding 2011-09-17 om 11.35.02.png_thumb](/public/imported_attachments/1/Schermafbeelding 2011-09-17 om 11.35.02.png_thumb)
Sorry, can't help you haven't done this. have you checked wiki?
docu and wiki is not good in general is my opinion. Usually a general explanation instead of clear instruction/steps.
pfsense own wiki is quite good
There is a lot of info but no good setup how start and have these exeptions like my problems. At least we can't find the info. If you know where to start please reply.
pfSense has a lot of functions and is light and quick. The GUI should be more integrated in one screen. Now I have to do something in NAT-rules and then in FW-rules. At present we have the issue traffic can't get out on ports 8080 and 2095 eg…...