Netgate Discussion Forum
    Port forward is perfect but NAT Redirection/Reflection Doesn't work

      rahuman

      Hi Everyone,

      I have currently set up pfSense as a transparent proxy at my workplace.

      My Current Layout is as follows:

      Setting in my pfSense Firewall:

      So far everything is working perfectly, clients are able to access services from outside without an issue.

      But as the subject of the post suggests, I am unable to access the server inside the LAN by typing the external IP (e.g. 123.33.22.11). I have googled and tried NAT Reflection, but that doesn't work. Of course I can access the server by typing in the LAN IP (192.168.1.2). I need this to work due to some support issues.

      Kindly Advise.

      Regards / Rahuman.

        Schmeisser

        We also have a similar scenario. NAT reflection or loopback seems to work for general ports (like TCP 80), but it is not working for forwarded ports. Help!

          KOM

          To get around this problem, I run split DNS.  Internal DNS resolves those servers to their LAN IP address.

            Schmeisser

            My LAN clients are using a piece of software, and that software cannot use names. It can only use IP addresses. So, split DNS is not a solution for us.

              tjsummers51l

              The dest. addr. should not be set to the WAN address, as the WAN address on the pfSense router is the 192 address on the LAN side of the ISP router. So NAT reflection is not happening on the pfSense router, but on the ISP router. I can tell you that if it is similar to the Comcast routers, NAT reflection will never work on the Comcast routers. One solution would be to bridge the ISP router (if it is a Comcast SMC, you can call and they can bridge it for you). I'm not sure of the procedure for other ISPs, but I'm sure they should be able to bridge it for you. That way, the external IP will be passed to the WAN interface of the pfSense box. Then your configuration as stated in the picture would work.

                johnpoz LAYER 8 Global Moderator

                Sure looks like a double NAT issue to me as well; pfSense has a 192.168.2 address on its WAN? You don't specifically show that.

                As tjsummers points out, your best option is to remove the double NAT, i.e. bridge your ISP device so that pfSense has a public address on its WAN. Or stop using lame ass software that does not support DNS ;)

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 25.07 | Lab VMs 2.8, 25.07

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.