Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Yet another NAT issue :: nothing seems to work

    NAT
    3
    4
    1675
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      skamal last edited by

      Hi! I am trying to set up a nat in my 3 nic box, and apparently it is not working. Let me give you the picture

      WAN :: DHCP from the ISP (real IP), but it seemed to catch the same IP every time
      DMZ :: 10.x.x.x series IPs, and the hosts can go out to the internet
      LAN :: 192.168.x.x series IPs, and they too can go out to the internet and also to the DMZ

      Now, I have set up a web server in the DMZ, with an IP of 10.x.x.17, which can be reached from the LAN. I get the pages quite easily.

      I wanted thiese to be available from the WAN side, so I have added one rule by adding a rule on the WAN port, through Firewall -> NAT > Port forward, where I have said that the port 80 from WAN should be mapped to 10.x.x.17 port 80. It has updated the firewall rules in the WAN bit and I have activated the changes.

      Ideally, at this point, I am supposed to be able to browse to http://WAN-IP:80 (or without :80, doesn't really matter) – but the page is timing out!!! I can still browse the DMZ IP, 10.x.x.17 without any problem; but nothing is reached from the outside world.

      I have checked the google, and also the tutorials, but either I'm too dumb to understand where the soluton lies or maybe it is a bit too cryptic to be notices.

      Would appreciate if someone could please point out if I have done something wrong and how to go about it.

      Thanks and regards

      S Kamal

      1 Reply Last reply Reply Quote 0
      • C
        cmb last edited by

        See http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

        1 Reply Last reply Reply Quote 0
        • M
          mrzaz last edited by

          Hello,

          You don't mention if you are trying to contact it from inside your NATed network. ?!
          (Basicly going from 192.168.x.x through NAT to you external WAN-IP.)

          Have you checked the setting "Disable NAT Reflection" in System / Advanced ?
          Is it ticked or not ?  (for reflection to work it should NOT be ticked in as far as I know)

          Here is some information about "NAT Reflection" that you use when doing the above.
          http://www.openbsd.org/faq/pf/rdr.html#reflect

          Also there may be a bug somewhere ?!

          Best regards
          Dan Lundqvist

          1 Reply Last reply Reply Quote 0
          • S
            skamal last edited by

            Thanks to cmb and mrzaz for the response.

            Now that I have checked from an outside host, I seem to be able to browse the web server – which I couldn't from inside, which means redirection is working. Also, I didn't know that they could be handled in such a different way in PF -- apparently a lack of experience with that.

            But that solves the trouble for the time being. Thanks for the links to pf doc, I'm reading it at the moment.

            Thanks again.

            Regards

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy