NAT / Port forwarding working for Internet -> mynet but not mynet -> mynet

  • I have a subnet of private IP addresses routed to me by my ISP (/29). I use a number of these for hosted services and one for outgoing NAT for the desktops / devices on my network. These are created as Virtual IP addresses on the WAN interface.

    In my example, is the outgoing IP for all non-public hosts on my network (e.g. and is used for a web server and port 80 is forwarded to There is an outgoing rule that NATs to

    Access from outside the network to the web server on ( works fine. So for example a machine on the internet can open in a browser and this works. If I connect to a machine on the internet from the host, then that connection appears to come from as expected.

    Connections to machines on the internet from and appear to come from - again, as expected.

    The issue is that machines on the internal network ( cannot connect to the webserver address.

    For example:

    --2014-10-09 20:31:38--
    Connecting to||:80... failed: Network is unreachable.

    Doing a tcpdump on and looking for traffic to port 80 shows no connection attempt from but does show the connections from machines outside the network.

    I'm not using 1:1 NAT - I'm forwarding specific ports to the target host and have a reciprocal outgoing entry for all traffic from that host. I also have the associated firewall rule to pass traffic to The outbound NAT rule for is the first rule in the list of NAT entries with the generic network one below that.

    Any ideas what I'm missing here and what it would take to make this work?

    Thanks in advance,

  • If you want to access a LAN host with its external NAT address from another LAN host, you have to activate NAT reflection for the appropriate NAT rule.
    You can do this either in each NAT rule for which you want the function enabled, or globally in System > Advanced > Firewall and NAT and set the rule to "system default".