Reflection just won't work.
-
Hello,
I have 5 interfaces on my PF_Sense firewall.
WAN - T1 with one Virtual IP using CARP (Hosts all of my servers in the DMZ)
WAN2 - Cable Modem (Used as an internet connection for the LAN and INTERNET_ONLY)
LAN
DMZ
INTERNET_ONLY

From the LAN and DMZ reflection is not working properly, but on the INTERNET_ONLY interface it works perfectly fine.
I have a virtual IP set up on the WAN interface. So the interface IP address is 111.111.111.90 and the VIP is 111.111.111.92.
If I attempt to connect to port 80 on 111.111.111.90 from the LAN, it works.
If I attempt to connect to port 80 on 111.111.111.92 from the LAN, it fails.

DNS is working perfectly, it resolves the right IP.
Everything works perfectly from outside of the network.

Any ideas as to why reflection is not working on the LAN and DMZ?
I do have reflection enabled, btw.
-
What kind of NAT configuration are you using?
Also please don't post the same thing multiple times. I removed the duplicate post.
-
Is there anymore information I should provide? I'm really at a loss here.
-
What's that DMZ>LAN outbound NAT rule for???
-
That's so that from the LAN I can access the DMZ.
-
You don't need to nat from lan to dmz. Remove it.
-
Done, but that didn't fix the problem. Is there any more info you need?
-
The more I look at your outbound NAT config the more I am puzzled. I think you don't need it at all. Try disabling AON again and retest. There is nothing in there that is not handled by the default NATting that is present when AON is disabled. Well, there are even some things missing in your manual outbound NAT configuration, I think.
-
I need the outbound NAT because I want the LAN to only go out on WAN_CABLE.
-
No, wrong. Only firewall rules determine what goes out which WAN. Outbound NAT only specifies whether the traffic is NATted or not.
-
Switched to Automatic outbound NAT.
Exact same scenario.
-
Try diagnostics>states, reset states. Then retest nat reflection.
-
Still a no go. Does this have to do with the MultiWAN?
-
I have 3 WANs and 6 internal subnets at the office with a CARP setup and even VLANned. Reflection is working just fine. Don't know why it's not working for you. I'm out of ideas ???
-
I've even re-installed pfSense.
-
If you're using 1:1 NAT, reflection won't work, but that doesn't appear to be the case. It also doesn't work for ranges of more than 500 ports, but you don't have that either. Do you see anything relevant in the system log?
-
Nothing gets blocked.