IP Redirect?

  • I have several web-based services which use the IP address in the address field when connecting to certain services. On the outside they use a public IP. On the inside they use a private IP. This is because the services are hosted inside our network. I have been having to do Split-Brain DNS and switch the addresses to names rather than IPs. Is there a way so that I can use the external IP on the inside and have it redirect traffic going to that external IP to go to an internal IP?

    Ex. HTTP request on the inside going to (Outside Routable IP) redirected to (Inside). There is also a 1:1 mapping from the specified external IP to the internal IP. I am looking for a way to redirect traffic since a request cannot go out and come back in the same interface.


  • At System > Advanced, enable NAT reflection at the very bottom (disabled by default). Also note that you have to change your 1:1 to a port forward for this to work. Unless you need a whole lot of ports you don't need 1:1 anyway.

  • I am doing 1:1 because I have different services which use the same ports… i.e. port 80 going to 2 different machines.

  • @kapara:

    "I am doing 1:1 because I have different services which use the same ports… i.e. port 80 going to 2 different machines."

    Yeah, but you can specify the VIP to use in the port-fwd without using a 1:1.

  • Correct, port forwards work for virtual IPs as well, and so will NAT reflection once you are using it instead of 1:1 NAT.

  • OK… So I can still use 1:1 NAT but NAT reflection will not work for those. It only works when using forwarding. Is that correct?



  • Yes.
    But you "can" use 1:1 NAT and add the forwards on top of that (to invoke the NAT reflection).

  • I wouldn't use 1:1 NAT for single port forwards (e.g. a webserver). It's much more flexible to use port forwards, as this way you can still map multiple servers to different ports on the same public IP (in case you are running out of public IPs).

  • I only use 1:1 NAT for specific outbound traffic like mail server. Makes sense to use port forwarding for inbound, i.e. webserver.

  • You can accomplish this by using port forwards for inbound traffic and advanced outbound NAT for outbound traffic as well.

  • So is there a reason one would use one of them over the other?

  • I would only use 1:1 NAT if I really need to translate all ports from one IP to another. If I only need a few ports I would always go with port forwards and advanced outbound NAT if needed, as this is more flexible like I already said (and it works with NAT reflection ;) ).

  • Ahhh… I get it... i.e. DMZ port

  • Forgot to say thank you..


