WAN Loopback is blocked? Maybe?



  • Alright, so I have my new Comcast Business Class setup, I love it, and I'm using their modem and then my pfSense router. Basically, my issue is this… I have a service hosted on my server 10.0.0.1 and I have it accessible on the outside world, everyone can see it but me, because I'm on the inside... How can I fix that?

    For example home.domain.com works for them, but not for me at my home location. It is very annoying for testing purposes to not be able to verify if it's working without someone's outside help.

    Thank you.



  • Firewall:NAT:PortForward

    Edit the rule that gives outsiders access to your server and enable NAT reflection



  • I've tried NAT reflection and it doesn't work. Any more ideas?



  • A little more info about your network layout would help.

    Is the server in a DMZ - on an OPT interface perhaps - or on your LAN?

    Can you get to it using its internal IP address (10.0.0.1)?



  • Hope that helps.

    I can access locally, so if I type 10.0.0.2, but if I type home.domain.com that works for others not at the home location, it works for them, but not for me when I'm here.



  • If you are using pfSense as name server for your private network I suspect the easiest way to deal with this problem is to enter a local override entry for home.domain.com in the pfSense name server (e.g. Services -> DNS forwarder, click the "+" button at the bottom of the page). The entry should contain the appropriate local IP address (e.g. 10.0.0.1).



  • How do I know if pfSense is acting as a name server? What I'm trying to do is create a monitor that will check to make sure the port is open on the outside world without having to be trying to access it from the outside world.



  • @Howitzer:

    How do I know if pfSense is acting as a name server? What I'm trying to do is create a monitor that will check to make sure the port is open on the outside world without having to be trying to access it from the outside world.

    if you're using windows try to type this on cmd

    ```
    ipconfig /all
    ```

    and search dns-server entries


  • Looks like "home" is the dns suffix, is that messing things up? There is so much about this networking that I don't know. I really am grateful for all the help on these forums.



  • @Howitzer:

    How do I know if pfSense is acting as a name server?

    Use a tool like dig or nslookup on a client to report what that client is using for a name server. If clients get all their IP network configuration data by DHCP from pfSense and pfSense has DNS forwarder enabled and the DHCP server configuration doesn't have a DNS override then the clients probably use the pfSense box as their DNS.

    @Howitzer:

    What I'm trying to do is create a monitor that will check to make sure the port is open on the outside world without having to be trying to access it from the outside world.

    Such a monitor won't tell you the port is "closed" because your internet connection is down, nor will it tell you your port is "closed" because you haven't configured the firewall port forwarding correctly.



  • My port forwarding is set up correctly, so it would tell me if the server application has crashed or is no longer accepting connections. If my internet is down, that I will know it's down, but I would still like to try to find a way to make this work. Thanks again for your help.



  • You may have partly figured it out.  The connection-specific DNS suffix, is "home".  According to the ipconfig output, that's come from your pfSense (10.0.0.254) DHCP server.  When you try to reach yourserver.yourdomain.com from inside, pfSense goes to an external DNS server which says to connect to your WAN interface's external IP address.  That's when confusion sets in.  Someone correct me if I'm wrong.

    If you have a real domain name, enter that in the Domain box at System:General Setup as well.  By default, that's the DNS suffix given to your Windows boxes (but it can be overridden in the DHCP server config and the DNS forwarder config).

    Reboot your Windows boxes so they pick up the proper domain name suffix.



  • Alright, changed it in pfSense to home.do*****ft.com and it's showing up, but I still cannot loopback and see the service running using the client.



  • Did you have NAT reflection on?

    Have you checked that the Windows boxes got the correct domain?  Do an ipconfig on your server and make sure it shows its host and DNS suffix correctly.  (Assuming it gets its IP address from pfSense as well and isn't set up as static)

    It may be that you have to clear the state table too under Diagnostics:States Reset states tab.  Read the notes there about your browser connection.
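
An added example, not part of the thread or of pfSense: a small check, run from a LAN client, that shows whether the hostname resolves to the internal server (a local DNS override is answering) or to the public WAN address (the client then depends on NAT reflection), and then probes the port. The port 443, the LAN range 10.0.0.0/24 and all function names are assumptions chosen for illustration.

```python
import ipaddress
import socket

# RFC 1918 ranges; anything outside them is treated as a public (WAN) address.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(resolved_ips, lan_cidr):
    """Map each resolved address to the path an inside client would take."""
    lan = ipaddress.ip_network(lan_cidr)
    verdicts = {}
    for ip in resolved_ips:
        addr = ipaddress.ip_address(ip)
        if addr in lan:
            verdicts[ip] = "split-dns"         # local override answered; traffic stays on the LAN
        elif any(addr in net for net in RFC1918):
            verdicts[ip] = "other-private"     # private, but not this LAN (DMZ or OPT segment?)
        else:
            verdicts[ip] = "needs-reflection"  # public address; inside access relies on NAT reflection
    return verdicts

def resolve(hostname):
    """Resolve with the client's configured name server (IPv4 only)."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def port_open(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(hostname, port, lan_cidr, resolver=resolve, probe=port_open):
    """Return (ip, verdict, port_is_open) for every address the name resolves to."""
    verdicts = classify(resolver(hostname), lan_cidr)
    # A probe of the public address from inside exercises NAT reflection,
    # not the WAN-side port forward, so "closed" here is not proof of an outage.
    return [(ip, verdict, probe(ip, port)) for ip, verdict in verdicts.items()]

if __name__ == "__main__":
    # Assumed values: substitute the real hostname, service port and LAN range.
    for ip, verdict, is_open in diagnose("home.domain.com", 443, "10.0.0.0/24"):
        print(f"{ip:15} {verdict:17} port {'open' if is_open else 'closed/filtered'}")
```

A "split-dns" result with the port open confirms the override suggested earlier in the thread is in effect; "needs-reflection" with the port closed points at reflection or stale states rather than at the server itself.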

