19.7 Legacy Series / Re: 1:1 NAT Reflection doesn't work
« on: January 29, 2020, 03:02:27 pm »
Hi all,
Have recently migrated one of our sites to OPNsense 19.7 from pfSense, which I used for the past 5 years.
I have a web server on site hosting a demo with 1:1 NAT configured using one of the IPs in our public subnet.
I have all the NAT reflection boxes ticked; however, I cannot access the server via its public address from inside the network... The 1:1 NAT and firewall rule on the WAN work as expected, the server is accessible from the outside. However NAT reflection is not working.
This is an L3 switched environment with several VLANs routed on the switch core. There is an uplink to OPNsense which then goes off to WAN. Static routes are all in place and everything works as expected, except NAT reflection.
Most client PCs are in 172.16.1.0/24 as is the server (172.16.1.183).
I did some googling and found others that have reported NAT reflection not functioning.
I know reflection isn't a great idea, and internal clients should access internal resources via their internal addresses (so I could do a host override on local DNS forwarder) but NAT reflection is a feature on offer and should therefore work.
Any suggestions?
Autoreflection for Outbound rules is only for the same network where the internal server also sits, so when you have a different network with an L3 switch behind, you have to create a manual outbound NAT rule:
Iface: LAN interface of internal server
Source: Your real client net
Destination: Your internal server
Translated interface: interface address (default)
This will do it ..
Perfect thanks!
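
Why the manual outbound NAT rule suggested in the reply above makes reflection work, as a small packet-flow model. This is an added example, not code from the thread or from OPNsense; it assumes the usual hairpin-NAT behaviour, where a reply that bypasses the firewall reaches the client untranslated. `PUBLIC_IP`, `CLIENT_IP` and `FW_LAN_IP` are constructed values, and only the server address comes from the thread.

```python
from dataclasses import dataclass, replace

SERVER_IP = "172.16.1.183"   # internal server, from the thread
PUBLIC_IP = "203.0.113.10"   # constructed placeholder for the 1:1 NAT public address
CLIENT_IP = "172.16.1.50"    # constructed internal client
FW_LAN_IP = "172.16.0.1"     # assumed firewall LAN interface address


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class Firewall:
    """Toy stateful model: 1:1 NAT reflection plus an optional outbound NAT rule."""

    def __init__(self, outbound_nat: bool):
        self.outbound_nat = outbound_nat
        self.states = {}  # expected reply (src, dst) -> packet the client must see

    def forward(self, pkt: Packet) -> Packet:
        # Reflection: the public destination is rewritten to the internal server.
        out = replace(pkt, dst=SERVER_IP) if pkt.dst == PUBLIC_IP else pkt
        if self.outbound_nat and out.dst == SERVER_IP:
            # Manual outbound NAT: source becomes the firewall's interface address.
            out = replace(out, src=FW_LAN_IP)
        self.states[(out.dst, out.src)] = Packet(src=pkt.dst, dst=pkt.src)
        return out

    def reverse(self, reply: Packet) -> Packet:
        # Undo both translations using the state created by forward().
        return self.states[(reply.src, reply.dst)]


def client_sees(outbound_nat: bool):
    """Return (reply as delivered to the client, whether the client accepts it)."""
    fw = Firewall(outbound_nat)
    request = Packet(src=CLIENT_IP, dst=PUBLIC_IP)
    at_server = fw.forward(request)
    reply = Packet(src=at_server.dst, dst=at_server.src)  # server answers the source it saw
    if reply.dst == FW_LAN_IP:
        reply = fw.reverse(reply)  # reply returns through the firewall
    # Otherwise the L3 switch delivers the reply directly, bypassing the firewall.
    accepted = (reply.src, reply.dst) == (request.dst, request.src)
    return reply, accepted


if __name__ == "__main__":
    for nat in (False, True):
        print("outbound NAT" if nat else "no outbound NAT", client_sees(nat))
```

Without the rule the client receives a reply sourced from 172.16.1.183 for a connection it opened to the public address and discards it; with the rule the server answers the firewall, which restores the public source before the client sees the packet.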