Netgate Discussion Forum

    IP Redirect?

    14 Posts 4 Posters 5.2k Views
      kapara

      I have several web-based services which use the IP address in the address field when connecting to certain services. On the outside they use a public IP. On the inside they use a private IP. This is because the services are hosted inside our network. I have been having to do Split-Brain DNS and switch the addresses to name rather than IP. Is there a way so that I can use the external IP on the inside and have it redirect traffic going to that external IP to go to an internal IP?

      Ex. HTTP request on the inside going to 5.5.5.5 (Outside Routable IP) redirected to 192.168.1.5 (Inside). There is also a 1:1 mapping from the specified external IP to the internal IP. I am looking for a way to redirect traffic since a request cannot go out and come back in the same interface.

      Thanks

      Skype ID:  Marinhd

        hoba

        At System > Advanced, enable NAT reflection at the very bottom (disabled by default). Also note that you have to change your 1:1 to a port forward for this to work. Unless you need a whole lot of ports you don't need 1:1 anyway.

          kapara

          I am doing 1:1 because I have different services which use the same ports… i.e. port 80 going to 2 different machines.

          Skype ID:  Marinhd

            dotdash

            @kapara:

            I am doing 1:1 because I have different services which use the same ports… i.e. port 80 going to 2 different machines.

            Yeah, but you can specify the VIP to use in the port-fwd without using a 1-1.

              hoba

              Correct, port forwards work for virtual IPs as well, and so will NAT reflection once you are using it instead of 1:1 NAT.

                kapara

                Ok… So I can still use 1:1 NAT but NAT reflection will not work for those. It only works when using forwarding. Is that correct?

                Thanks,

                Mark

                Skype ID:  Marinhd

                  GruensFroeschli

                  Yes.
                  But you "can" use 1:1 NAT and make the forwardings on top of that (to invoke the NAT reflection).

                  We do what we must, because we can.

                  Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                    hoba

                    I wouldn't use 1:1 NAT for single port forwards (e.g. a webserver). It's much more flexible to use port forwards, as this way you can still map multiple servers to different ports on the same public IP (in case you are running out of public IPs).

                      kapara

                      I only use 1:1 NAT for specific outbound traffic like a mail server. Makes sense to use port forwarding for inbound, i.e. webserver.

                      Skype ID:  Marinhd

                        hoba

                        You can accomplish this by using port forwards for inbound traffic and advanced outbound NAT for outbound traffic as well.

                          kapara

                          So is there a reason one would use one of them over the other?

                          Skype ID:  Marinhd

                            hoba

                            I would only use 1:1 NAT if I really need to translate all ports from one IP to another. If I only need a few ports I would always go with port forwards and advanced outbound NAT if needed, as this is more flexible like I already said (and it works with NAT reflection ;) ).

                              kapara

                              Ahhh… I get it... i.e. DMZ port

                              Skype ID:  Marinhd

                                kapara

                                Forgot to say thank you..

                                Thanks,

                                Mark

                                Skype ID:  Marinhd
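
Why the hairpin case in this thread needs more than a destination rewrite, as an added illustration that is not from any poster and is not pfSense's own implementation: a small Python model of a client reaching 5.5.5.5 and being redirected to 192.168.1.5, with and without source translation on the firewall. The LAN subnet, the firewall LAN address 192.168.1.1, the client addresses and the source port are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PUBLIC_IP, SERVER = "5.5.5.5", "192.168.1.5"  # addresses from the thread
LAN = ip_network("192.168.1.0/24")            # constructed LAN subnet
FW_LAN_IP = "192.168.1.1"                     # constructed firewall LAN address

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    """Redirects PUBLIC_IP:80 to SERVER:80 for packets it routes."""
    def __init__(self, source_nat):
        self.source_nat = source_nat
        self.states = {}  # (src, sport) as the server sees it -> original request

    def redirect(self, pkt):
        if (pkt.dst, pkt.dport) != (PUBLIC_IP, 80):
            return pkt
        # With source NAT the server sees the firewall as its peer, so the
        # reply is forced back through the firewall.
        src = FW_LAN_IP if self.source_nat else pkt.src
        out = Packet(src, pkt.sport, SERVER, 80)
        self.states[(out.src, out.sport)] = pkt
        return out

    def reply_from_server(self, reply):
        # Undo both rewrites using the state the request created.
        orig = self.states[(reply.dst, reply.dport)]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def simulate(client_ip, source_nat):
    """Return (source address the client sees on the reply, accepted?)."""
    fw = Firewall(source_nat)
    request = Packet(client_ip, 40000, PUBLIC_IP, 80)
    at_server = fw.redirect(request)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    # A peer on the server's own subnet is answered directly on the LAN and
    # the firewall never sees the reply; otherwise it passes through the firewall.
    direct = reply.dst != FW_LAN_IP and ip_address(reply.dst) in LAN
    seen = reply if direct else fw.reply_from_server(reply)
    # The client's TCP stack only accepts a reply from the address it dialed.
    accepted = (seen.src, seen.sport) == (request.dst, request.dport)
    return seen.src, accepted
```

For a LAN client, `simulate("192.168.1.10", source_nat=False)` shows the reply arriving from 192.168.1.5 instead of 5.5.5.5, so the connection never completes; with `source_nat=True` the reply is translated back and accepted.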

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.