Netgate Discussion Forum
    Ping responds to public 1:1 NAT'd IP but packet never gets to server

    NAT
rickpo12

My pfSense firewall is set up to do 1:1 NAT from public IP to private IP addresses. Based on the public IP, the pfSense FW routes the traffic to the proper VLAN (internal VLAN). Here is the scenario:

Server1 = Public IP 100.100.100.100 is 1:1 NAT'd to 10.10.10.10
Server2 = Public IP 100.100.100.200 is 1:1 NAT'd to 10.10.10.20
I have an internal INTERFACE set up for 10.10.10.0 on VLAN 1000.
I have two servers on this VLAN, server1 (10.10.10.5) and server2 (10.10.10.20).
On server2 I do a "tcpdump host 10.10.10.10".
On server1 I do a "ping 100.100.100.200" and I receive replies. However, no ping request shows up on server2 in the tcpdump.
On server1 I do a "ping 10.10.10.20" and I receive replies. I do see the pings on server2 in the tcpdump.
On server1, if I "telnet 100.100.100.200 25" I do not get a connection.
On server1, if I "telnet 10.10.10.20 25" I get a connection.

I am trying to understand what is happening and what my options are to resolve this issue. At the end of the day, I need to send an email from server1 over to the mail server, which resides on server2.

      Thank you all in advance for your comments.

      Rick

podilarius

Well, this is because NAT reflection is off. Personally, I would use split DNS so that server1 gets the internal address instead of the external one, rather than having to rely on reflection. You want to make sure you are testing from outside to confirm that any rules are working from WAN to LAN.

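The following is an added example, not code from the thread or from pfSense itself. It models the forwarding decision behind the symptoms rickpo12 describes (1:1 NAT with reflection off, as podilarius diagnoses) and the split-DNS alternative the reply recommends. The IP addresses and the 1:1 NAT table are taken from the thread; the host name mail.example.test, the outside client address 203.0.113.7 and the DNS records are constructed for the example.

```python
# Added example (not from the thread or from pfSense): a small model of the
# forwarding decision behind the symptoms described above, and of the split-DNS
# alternative the reply suggests. Addresses come from the thread; the host name,
# DNS records and the outside client address are constructed for the example.
import ipaddress
from dataclasses import dataclass

# 1:1 NAT table from the thread: public address -> internal address.
ONE_TO_ONE_NAT = {
    ipaddress.ip_address("100.100.100.100"): ipaddress.ip_address("10.10.10.10"),
    ipaddress.ip_address("100.100.100.200"): ipaddress.ip_address("10.10.10.20"),
}
INTERNAL_NET = ipaddress.ip_network("10.10.10.0/24")  # VLAN 1000 in the thread

# Split-DNS host override (constructed name): what the internal resolver answers.
INTERNAL_OVERRIDES = {"mail.example.test": ipaddress.ip_address("10.10.10.20")}
# What public DNS answers for the same name (constructed).
PUBLIC_RECORDS = {"mail.example.test": ipaddress.ip_address("100.100.100.200")}


@dataclass(frozen=True)
class Verdict:
    delivered_to: str  # "firewall" or the address of the host that gets the packet
    translated: bool   # True if the destination was rewritten by 1:1 NAT


def forward(src: str, dst: str, reflection_enabled: bool = False) -> Verdict:
    """Decide where a packet from src to dst ends up on the firewall modelled here."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst_ip not in ONE_TO_ONE_NAT:
        # Plain internal traffic (server1 -> 10.10.10.20): delivered directly.
        return Verdict(str(dst_ip), False)
    from_outside = src_ip not in INTERNAL_NET
    if from_outside or reflection_enabled:
        # Inbound from WAN (or reflected from inside): DNAT to the internal host.
        return Verdict(str(ONE_TO_ONE_NAT[dst_ip]), True)
    # Internal client, reflection off: the public address is the firewall's own,
    # so the firewall answers the ping itself and nothing reaches server2's tcpdump.
    return Verdict("firewall", False)


def resolve(name: str, client: str) -> str:
    """Split DNS: internal clients get the override, everyone else the public record."""
    client_ip = ipaddress.ip_address(client)
    if client_ip in INTERNAL_NET and name in INTERNAL_OVERRIDES:
        return str(INTERNAL_OVERRIDES[name])
    return str(PUBLIC_RECORDS[name])


def reproduce_thread() -> dict:
    """Walk through the thread's tests, the WAN-side check, and the split-DNS fix."""
    server1 = "10.10.10.5"
    outside = "203.0.113.7"  # constructed external client, for the WAN-side test
    return {
        "server1 -> public server2, reflection off": forward(server1, "100.100.100.200"),
        "server1 -> public server2, reflection on": forward(server1, "100.100.100.200", True),
        "server1 -> private server2": forward(server1, "10.10.10.20"),
        "outside -> public server2": forward(outside, "100.100.100.200"),
        "server1 resolves mail host": resolve("mail.example.test", server1),
        "outside resolves mail host": resolve("mail.example.test", outside),
    }


if __name__ == "__main__":
    for case, result in reproduce_thread().items():
        print(f"{case}: {result}")
```

Reflection is off by default in the model because that is the condition the reply diagnoses; the `resolve()` path is the split-DNS alternative, under which server1 never sends to the public address at all, and the outside-client case is the WAN-to-LAN test the reply asks for, which is the only one that exercises the 1:1 NAT rule as real inbound traffic would.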