Can't access resources with our domain name from inside the network



  • Hi, I used to have a solution for that with NAT but for some reason it's not working anymore.
    I'd like to access our web pages using our domain name, from inside the network.
    I can still access them using the internal IP of the server, or with the domain name when I'm outside the LAN.

    That's the NAT rule that I think used to work, but correct me if something is incorrect or I need to configure anything else:

    if: wan
    protocol: tcp/udp
    source address: any
    source port: any
    destination address: my wan ip (alias for my a record)
    destination port: 443
    nat ip: my server internal ip
    nat port: 443

    DNS is probably not the issue because I tried to browse my WAN IP too.



  • In Setup >> Advanced >> Networking there is a setting for proxy NAT at the bottom.



  • Ok I think the problem was "Block private networks" on WAN interface :X
    Maybe its because now with Comcast I have a modem with 2 IP(s) and the LAN is connected to the modem and receiving the 2nd IP, so the incoming connection from LAN and WLAN (comcast wifi) considered as private network?… not sure...


  • LAYER 8 Netgate

    with Comcast I have a modem with 2 IP(s) and the LAN is connected to the modem and receiving the 2nd IP, so the incoming connection from LAN and WLAN (comcast wifi) considered as private network?

    Huh?  You lost me as to your actual topology there.

    Private IPs are just RFC1918:  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

    If you are connected to something outside your WAN, are receiving an RFC1918 address and are not NATted to a public IP, and attempting to make a connection into your WAN to a port forward then yes, you need to turn off block private networks on your WAN.

    Blocked connections from the private IP should show up in the firewall logs.

    When inside your network does your server DNS resolve to internal or external IP?  If external, you need NAT reflection.


Log in to reply