NAT redirect back



  • Hello,

    I have a website that I host at home. Today, I installed pfSense to use as my router and went to enable NAT. I was able to get it to work from an outside source to access my website, but when I try going to my website from the LAN it does not work.

    Here is my setup

    Thank you,



  • @locus2k:

    … but when I try going to my website from the LAN it does not work.

    Does it do anything at all?  What does the browser display?
    What are the system admin access settings?  Is there a port conflict?  hint: WebGUI redirect

    [SOLVED] NAT Reflection Troubles



  • You should be running a split-DNS setup to resolve the internal web server address locally, not using an external DNS server for your LAN clients.



  • @muswellhillbilly:

    You should be running a split-DNS setup to resolve the internal web server address locally, not using an external DNS server for your LAN clients.

    Pretty presumptuous of you to presume to know best what others should do.



  • @NOYB:

    Pretty presumptuous of you to presume to know best what others should do.

    Huh? The guy can access a locally-hosted server from outside but not from inside. Sounded like a straightforward DNS issue, so I made a suggestion. I thought that was the point behind having a forum?


  • Banned

    Considering the only "alternative" is the horrible NAT reflection clusterfuck, that suggestion is certainly spot on.



  • Pretty presumptuous of you to presume to know best what others should do.

    The problem was well-known, and there are only two solutions – one of which is inferior.  I don't understand why you would even post that.



  • Such arrogance.

    NAT reflection is a valid and appropriate solution for some environments and implementations.



  • If we are done with arguing about the merit of some replies, maybe we can go back to the issue, which I think I am having as well.

    I posted here: https://forum.pfsense.org/index.php?topic=101113.0

    I came to realize I think the OP's issue here is exactly the same as mine.

    I tried Split DNS and NAT reflection and it just doesn't work.

    @KOM:

    The problem was well-known, and there are only two solutions – one of which is inferior.  I don't understand why you would even post that.

    Those "pretty well known" solutions don't seem to be working for me or the OP…



  • NAT reflection is a valid and appropriate solution for some environments and implementations.

    Sure, if you want something that's slow and/or broken.  Seriously, it's dumb to NOT use split DNS unless you don't control DNS in the first place.  Even the pfSense doc says it's a better solution ('elegant' is the specific word they use.)

    I tried Split DNS and NAT reflection and it just doesn't work.

    You don't have the same problem, I believe.  If you did, you wouldn't be able to access based on its public IP address from LAN.  That's the entire point of NAT Reflection, to allow you to access a LAN client from LAN using its NAT'd IP address.

    Those "pretty well known" solutions don't seem to be working for me or the OP…

    Oh, you know locus2k personally?  He hasn't replied since his initial post so we have no way of knowing what he has done since or if it's now working or not.  Plus, my comment about 'well-known' was to do with the problem, not the solution.  This problem is well-known enough to have a dedicated page at pfSense docs:

    https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks



  • @KOM:

    You don't have the same problem, I believe.  If you did, you wouldn't be able to access based on its public IP address from LAN.  That's the entire point of NAT Reflection, to allow you to access a LAN client from LAN using its NAT'd IP address.

    I could say the same: do you know the OP personally? He never said he wasn't able to access from LAN using the public IP… However, creating an argument about others' opinions and thread is not really helping anyone; not sure what the point of such comments is.

    You may be 100% right, maybe it is the same issue, maybe it is not; it sure looks that way from here. I'm just sharing that I personally tried those "well known" solutions and still have the issue.



  • I could say the same, do you know the OP personally

    I am not the one claiming he still has the problem which our suggestions didn't solve.

    however creating an argument about others' opinions and thread is not really helping anyone; not sure what the point of such comments is.

    The only 'argument' here is between people who have a history of knowing what they're talking about versus those who don't.

    I'm just sharing that I personally tried those "well known" solutions and still have the issue.

    Then I guess you are cursed, or you don't have the same problem, or you screwed up the solution.  Can't tell based on you saying 'it doesn't work'.

