Nat Reflection - Pure NAT

sergiosmvc

Hello,

I can't make one port foward working with pure nat nat reflection.

i checked - Enables the automatic creation of additional NAT redirect rules for access to 1:1 mappings of your external IP addresses from within your internal networks.

and checked Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from.

but i can't make it work.

doktornotor

You need to describe what does not work and how did you test this.

sergiosmvc

i created one nat rule pointing to internal server port 3389 (rdp).

If i configure that nat rule with nat-proxy reflection it works but in pure nat doesn't.

outside it works booth.

doktornotor

Perhaps you could just post the screenshot of that rule? Or preferably you would fix your DNS to stop doing this ridiculous nonsense.

sergiosmvc

I've an internal webserver hosting more that 100 domains. without nat reflection i need to replicate each domain in pfsense.

![Sem Título.png](/public/imported_attachments/1/Sem Título.png)
![Sem Título.png_thumb](/public/imported_attachments/1/Sem Título.png_thumb)

doktornotor

The rule should be TCP/UDP for starters. Other than that, I frankly totally fail to see why on earth would you replicate some 100 domains. You need one DNS record for internal IP of the RDP server on your LAN. What's hosted on the webserver is totally irrelevant.

sergiosmvc

But why should be TCP/UPD if rdp is only TCP?

about dns entries:

i need to access inside to domain : aaa.com, bbb.com, ccc.com, ddd.com… those domains are pointing to my wan addresses.

i need te create all of those domains in pfsense dns write?

doktornotor

@sergiosmvc:

But why should be TCP/UPD if rdp is only TCP?

No, it's not. Please, read some MS docs. Everything properly patched from W7 up uses both TCP and UDP.

Once again, we are discussing RDP here. I totally fail to see why the hell you need 100 ways to reach the damned box.

dotdash

RDP 8+ CAN use UDP, but perhaps his terminal server is not 2012. The 2008R2 upgrade, AFAIK, only gives the client v8 capability, while the server part remains at a v7 compatible level.
As for the web hosting, I would guess he has other rules for http/https that he has not posted.
OP- If it works in nat proxy mode, why not just use nat-proxy mode for that rule?

sergiosmvc

@doktornotor:

@sergiosmvc:

But why should be TCP/UPD if rdp is only TCP?

No, it's not. Please, read some MS docs. Everything properly patched from W7 up uses both TCP and UDP.

Once again, we are discussing RDP here. I totally fail to see why the hell you need 100 ways to reach the damned box.

Sorry

The RDP was an example but those 100 domains are about http.

the nat foward for http works with NAT + Proxy but if i change it to PURE NAT i can't connect internal HTTP / MAIL / RDP etc etc

sorry about my english