    Nat Reflection - Pure NAT

    • S
      sergiosmvc last edited by

      Hello,

      I can't make one port forward work with pure NAT reflection.

      I checked "Enables the automatic creation of additional NAT redirect rules for access to 1:1 mappings of your external IP addresses from within your internal networks."

      and checked "Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from."

      but I can't make it work.

      • D
        doktornotor Banned last edited by

        You need to describe what does not work and how you tested this.

        • S
          sergiosmvc last edited by

          I created one NAT rule pointing to internal server port 3389 (RDP).

          If I configure that NAT rule with nat-proxy reflection it works, but in pure NAT it doesn't.

          From outside, both work.

          • D
            doktornotor Banned last edited by

            Perhaps you could just post the screenshot of that rule?  Or preferably you would fix your DNS to stop doing this ridiculous nonsense.

            • S
              sergiosmvc last edited by

              I have an internal webserver hosting more than 100 domains. Without NAT reflection I need to replicate each domain in pfSense.

              ![Sem Título.png](/public/imported_attachments/1/Sem Título.png)

              • D
                doktornotor Banned last edited by

                The rule should be TCP/UDP for starters. Other than that, I frankly totally fail to see why on earth you would replicate some 100 domains. You need one DNS record for the internal IP of the RDP server on your LAN. What's hosted on the webserver is totally irrelevant.

                • S
                  sergiosmvc last edited by

                  But why should it be TCP/UDP if RDP is only TCP?

                  About DNS entries:

                  I need to access, from inside, the domains aaa.com, bbb.com, ccc.com, ddd.com… Those domains are pointing to my WAN addresses.

                  I need to create all of those domains in pfSense DNS, right?

                  • D
                    doktornotor Banned last edited by

                    @sergiosmvc:

                    But why should it be TCP/UDP if RDP is only TCP?

                    No, it's not. Please, read some MS docs. Everything properly patched from W7 up uses both TCP and UDP.

                    Once again, we are discussing RDP here. I totally fail to see why the hell you need 100 ways to reach the damned box.

                    • dotdash
                      dotdash last edited by

                      RDP 8+ CAN use UDP, but perhaps his terminal server is not 2012. The 2008R2 upgrade, AFAIK, only gives the client v8 capability, while the server part remains at a v7 compatible level.
                      As for the web hosting, I would guess he has other rules for http/https that he has not posted.
                      OP- If it works in nat proxy mode, why not just use nat-proxy mode for that rule?

                      • S
                        sergiosmvc last edited by

                        @doktornotor:

                        @sergiosmvc:

                        But why should it be TCP/UDP if RDP is only TCP?

                        No, it's not. Please, read some MS docs. Everything properly patched from W7 up uses both TCP and UDP.

                        Once again, we are discussing RDP here. I totally fail to see why the hell you need 100 ways to reach the damned box.

                        Sorry

                        The RDP was an example but those 100 domains are about http.

                        The NAT forward for HTTP works with NAT + Proxy, but if I change it to Pure NAT I can't connect to internal HTTP / MAIL / RDP etc.

                        Sorry about my English.
