Can't access website on lan



  • So I can't access my website on lan.
    Works fine on lan.

    I unchecked Disable NAT Reflection for port forwards
    However is that only for new port forwards? Because it didn't do anything.

    http://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F
    The 2nd method seems messy, the first method isn't working for me though.

    E.g if I want to connect to a vpn, I have a different computer hosting that than say my webserver, and the 2nd method won't let me do that.

    I am on pfsense 2.0.1


  • Netgate Administrator

    @jigglywiggly:

    So I can't access my website on lan.
    Works fine on lan.

    I'm assuming the above is a typo and you meant 'works fine on WAN'.
    You can also presumably access your web server from LAN by using the IP address?

    After you have enabled NAT reflection you may have to restart/refresh some things. The IP that your URL resolves to will be cached a several places. Try from a different internal client. Once those caches a re flushed it should work.

    @jigglywiggly:

    E.g if I want to connect to a vpn, I have a different computer hosting that than say my web server, and the 2nd method won't let me do that.

    You mean you have port forwarding setup to two different internal IPs, using the same URL, depending on what port it arrives on?

    Steve



  • @stephenw10:

    @jigglywiggly:

    So I can't access my website on lan.
    Works fine on lan.

    I'm assuming the above is a typo and you meant 'works fine on WAN'.
    You can also presumably access your web server from LAN by using the IP address?

    After you have enabled NAT reflection you may have to restart/refresh some things. The IP that your URL resolves to will be cached a several places. Try from a different internal client. Once those caches a re flushed it should work.

    @jigglywiggly:

    E.g if I want to connect to a vpn, I have a different computer hosting that than say my web server, and the 2nd method won't let me do that.

    You mean you have port forwarding setup to two different internal IPs, using the same URL, depending on what port it arrives on?

    Steve

    Yeah it was a typo, I meant I can access it on wan.

    I tried different computers and all, it still doesn't work though.

    About your second point, yeah that's what I meant.


  • Netgate Administrator

    Ok.
    Thinking about this a bit harder it's not the url resolving to the wrong address but the NAT reflection rule not redirecting traffic to the correct IP.
    I presume you have tried restarting the box to flush the NAT rules? Do you have NAT set to auto or manual?
    NAT reflection should work for this.

    I can see how using a DNS override would not work in this situation. Though you could use the host override to have two hosts; www.yoururl.org and vpn.yoururl.org. I expect you would then have to change things on your various clients.

    Steve



  • Oh yeah, all I had to do was reboot  ;D

    Thanks for the help.


  • Netgate Administrator

    Ah the old classic:

    Usually that doesn't apply to BSD systems. I'm sure you could have reset the NAT table using a command or two but this was probably easier.  ;D

    Steve



  • @stephenw10:

    Ah the old classic:

    Usually that doesn't apply to BSD systems. I'm sure you could have reset the NAT table using a command or two but this was probably easier.   ;D

    Steve

    I love IT crowd :3
    And yeah, I actually didn't reboot because hitting "apply" in pfsense has always been good enough for me… well, in the past anyway.


  • Rebel Alliance Developer Netgate

    Actually you might have had a stale state in the state table from before the apply took effect, and resetting the states may have been enough to make it live.

    A reboot would have the same result though.


Locked