Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't access device inside the network using outside IP, but outside sources can

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 2 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      elementalwindx
      last edited by

      I have a phone server inside my network that has a WAN and LAN port. The WAN is hooked into my pfsense, and using an outside static IP. Phones and everything works except I cannot access the web interface via the WAN ip address from inside my LAN. If I use a computer say at my home to access the phone server via its WAN IP, it works just fine.

      The PHONES interface on my pfsense is bridged between the actual WAN interface and the PHONE LAN interface.

      What do I have to do to make this work so that the users inside my LAN can access this phone server via the WAN IP?

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        Either enable NAT Reflection or run split DNS.

        1 Reply Last reply Reply Quote 0
        • E
          elementalwindx
          last edited by

          @KOM:

          Either enable NAT Reflection or run split DNS.

          Where do I do that (net reflection)? It's set to automaticly generate nat

          Also this phone server is on a separate VLAN than the rest of the computers on the LAN, which is why I wanted to enable using the WAN ip instead of the alternate vlan ip.

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            System - Advanced - Firewall/NAT - Network Address Translation - NAT Reflection mode for port forwards.  It may or may not work well for you.  I ended up going with split DNS, and that's the method suggested by the pfSense people.

            1 Reply Last reply Reply Quote 0
            • E
              elementalwindx
              last edited by

              @KOM:

              System - Advanced - Firewall/NAT - Network Address Translation - NAT Reflection mode for port forwards.  It may or may not work well for you.  I ended up going with split DNS, and that's the method suggested by the pfSense people.

              That didn't seem to work and I don't know what split dns is.

              However creating a rule in the LAN to the dest of the phone server allowing any worked perfectly. Problem solved. Thanks though :)

              1 Reply Last reply Reply Quote 0
              • KOMK
                KOM
                last edited by

                Split DNS is simply running DNS on LAN that says your domain points to a LAN IP instead of WAN IP.  For example, if you own foo.com and it points to 1.2.3.4, split DNS would have you install a DNS server on LAN and have it resolve foo.com to be 192.168.1.x or whatever its LAN IP address is instead of its WAN address.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.