Yet another NAT issue :: nothing seems to work
-
Hi! I am trying to set up NAT on my 3-NIC box, and apparently it is not working. Let me give you the picture:
WAN :: DHCP from the ISP (real IP), but it seemed to catch the same IP every time
DMZ :: 10.x.x.x series IPs, and the hosts can go out to the internet
LAN :: 192.168.x.x series IPs, and they too can go out to the internet and also to the DMZ
Now, I have set up a web server in the DMZ, with an IP of 10.x.x.17, which can be reached from the LAN. I get the pages quite easily.
I wanted these to be available from the WAN side, so I have added one rule by adding a rule on the WAN port, through Firewall -> NAT > Port forward, where I have said that the port 80 from WAN should be mapped to 10.x.x.17 port 80. It has updated the firewall rules in the WAN bit and I have activated the changes.
Ideally, at this point, I am supposed to be able to browse to http://WAN-IP:80 (or without :80, doesn't really matter) – but the page is timing out!!! I can still browse the DMZ IP, 10.x.x.17 without any problem; but nothing is reached from the outside world.
I have checked Google, and also the tutorials, but either I'm too dumb to understand where the solution lies or maybe it is a bit too cryptic to be noticed.
Would appreciate if someone could please point out if I have done something wrong and how to go about it.
Thanks and regards
S Kamal
-
See http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
-
Hello,
You don't mention if you are trying to contact it from inside your NATed network?!
(Basically going from 192.168.x.x through NAT to your external WAN-IP.)
Have you checked the setting "Disable NAT Reflection" in System / Advanced?
Is it ticked or not? (For reflection to work it should NOT be ticked, as far as I know.)
Here is some information about "NAT Reflection" that you use when doing the above.
http://www.openbsd.org/faq/pf/rdr.html#reflect
Also there may be a bug somewhere?!
Best regards
Dan Lundqvist
-
Thanks to cmb and mrzaz for the response.
Now that I have checked from an outside host, I seem to be able to browse the web server – which I couldn't from inside, which means redirection is working. Also, I didn't know that they could be handled in such a different way in PF -- apparently a lack of experience with that.
But that solves the trouble for the time being. Thanks for the links to pf doc, I'm reading it at the moment.
Thanks again.
Regards
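
The behaviour resolved in this thread (the port forward works from an outside host but times out from the LAN) follows from redirection rules being bound to the interface a packet arrives on. The sketch below is an added example, not part of the original posts and not pfSense's own implementation: it is a simplified model of that matching, and all addresses and the interface names `wan` and `lan` are constructed stand-ins for the poster's 10.x.x.17 server and 192.168.x.x LAN.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses (not from the thread): a documentation-range WAN IP
# and stand-ins for the DMZ web server and the LAN subnet.
WAN_IP, WEB, LAN_NET = "203.0.113.10", "10.0.0.17", "192.168.1.0/24"

@dataclass(frozen=True)
class Rdr:
    iface: str   # interface the packet must arrive on
    src: str     # source network the rule applies to
    dst: str     # original destination address
    port: int
    target: str  # address the connection is redirected to

@dataclass(frozen=True)
class Packet:
    iface: str
    src: str
    dst: str
    port: int

def translate(rules, pkt):
    """Destination after redirection; the first matching rule wins."""
    for r in rules:
        if (r.iface == pkt.iface and pkt.dst == r.dst and pkt.port == r.port
                and ip_address(pkt.src) in ip_network(r.src)):
            return r.target
    return pkt.dst  # untranslated: still addressed to the firewall itself

def reaches_web(rules, pkt):
    """True if the packet ends up addressed to the DMZ web server."""
    return translate(rules, pkt) == WEB

# The WAN port forward from the first post, and the same set with an
# extra LAN-side redirect (the effect NAT reflection provides).
port_forward = [Rdr("wan", "0.0.0.0/0", WAN_IP, 80, WEB)]
with_reflection = port_forward + [Rdr("lan", LAN_NET, WAN_IP, 80, WEB)]

outside = Packet("wan", "198.51.100.7", WAN_IP, 80)  # client on the internet
inside = Packet("lan", "192.168.1.20", WAN_IP, 80)   # LAN client using the WAN IP

if __name__ == "__main__":
    for name, rules in (("port forward only", port_forward),
                        ("with LAN-side rule", with_reflection)):
        print(name, "| outside:", reaches_web(rules, outside),
              "| inside:", reaches_web(rules, inside))
```

With only the WAN rule, the LAN client's packet arrives on `lan`, matches nothing, and stays addressed to the firewall's own WAN address, which is why a port forward should be tested from a host that is genuinely outside.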