I am sure this is something simple I am missing…



  • I have port forwarding set-up for an internal network DVR to allow connections from the outside.  Internally, I am using 1918 space and have set-up split DNS so that I can have the same address resolve internally and externally (just from different places).  I have tested the DNS resolution aspect so that from the outside, it resolves to my firewall (pfsense) and if I am internal, it resolves to the ip address of the server itself.

    I set-up port forwarding on pfsense to NAT incoming connections to the internal address of the server port 8082 and I get the certificate agreement etc. and I can see in the logs that it is indeed doing the translation.  It responds though with the internal address of the server after the initial exchange and I cannot tell specifically why.  My assumption would be that the inbound connection is resolved to my pfsense, it see this traffic bound for port 8082 and translates that to the internal server address :8082 (which it does) and outbound, I would assume it would NAT that traffic to the WAN interface address (per the outbound NAT rules) and continue on.  Obviously, since it is responding to the client on the outside (external to pfsense) with an internal address, it falls down.

    I am certain I am doing something silly, and have read through all the troubleshooting guides, and it may be something on the stupid windows server that I have misconfigured, but for the life of me I have run out of places to check.  Thanks for any assistance.



  • Is the server responding with the internal address? If so, this is a redirect in the server that is causing an issue. Websites should be setup with DNS name for redirects or better, with logical redirects. You will need to determine where the response is originating from … the server, or pfsense.