OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: engeliii23 on October 21, 2016, 01:20:33 pm

Title: incorrect config/routing for lan -> lan access.
Post by: engeliii23 on October 21, 2016, 01:20:33 pm
Dear all,

I'm already sorry to those who find this easy; I'm not that professional and because of that unable to configure this correctly.

Following my problem:
I have an OPNsense server running with a LAN and WAN network. In the LAN are several machines running as servers.
I have several IPs, each defined as a virtual IP. I also added FW rules and FW NAT as 1:1 from <wan-ip> -> <lan-ip>.

Everything works until I try to reach one LAN server from the other via the DNS name, which points to the WAN IP.

Does anybody know what I have to configure in addition to get this to work? And is there also a way to configure the servers to have the public IP directly, or would I then need to put every single one into its own network?

Thank you all so much.

Here my version:
OPNsense 16.7.6-amd64
FreeBSD 10.3-RELEASE-p9
OpenSSL 1.0.2j 26 Sep 2016

Regards engeliii23
Title: Re: incorrect config/routing for lan -> lan access.
Post by: Zeitkind on October 21, 2016, 03:13:21 pm
You need to configure NAT reflection.
Firewall - Settings - Advanced - Reflection for port forwards - enable (Pure NAT)

Or, to describe it somehow:
You now tell your clients to go out of your house (WAN-IP) to get to the room next to them (your in-house servers) - which they can't, because they cannot turn back and go inside again once they left the LAN. NAT reflection gives them a sign to not leave (via WAN) but just enter the next room, i.e. NAT reflection re-routes the packets and so they do not leave your LAN but instead are handled as already inside.

A different approach is to use 2 separate DNS records - one for inside, one for the rest of the world (called split DNS).
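As an added illustration (not code from the thread or from OPNsense), here is a toy model of the 1:1 NAT described above with three reflection modes: "off", a hypothetical "dst-only" that rewrites only the destination, and "pure-nat" which also rewrites the client's source to the firewall's LAN address. It shows why the LAN-to-WAN-IP path fails in the first two cases and works with Pure NAT; all addresses are constructed sample values.

```python
from typing import Dict, Optional, Tuple

WAN_VIP = "203.0.113.10"      # constructed public virtual IP, 1:1 NAT'd to SERVER_LAN
SERVER_LAN = "192.168.1.10"   # constructed internal server behind the 1:1 NAT
FW_LAN = "192.168.1.1"        # constructed firewall LAN address
CLIENT_LAN = "192.168.1.50"   # constructed second host on the same LAN

Packet = Tuple[str, str]      # (src, dst)


class Firewall:
    """Toy 1:1 NAT. reflection is "off", "dst-only" (hypothetical: rewrite
    destination only) or "pure-nat" (rewrite destination and source)."""

    def __init__(self, reflection: str) -> None:
        self.reflection = reflection
        self.states: Dict[Packet, Packet] = {}   # expected reply -> original packet

    def lan_in(self, pkt: Packet) -> Optional[Packet]:
        """Packet arriving on LAN; returns what the server receives, if anything."""
        src, dst = pkt
        if dst != WAN_VIP:
            return pkt                # plain LAN->LAN traffic, untouched
        if self.reflection == "off":
            # The port forward is bound to WAN and the VIP is local to the
            # firewall, so from LAN the packet never reaches the server.
            return None
        new_src = FW_LAN if self.reflection == "pure-nat" else src
        fwd = (new_src, SERVER_LAN)
        self.states[(fwd[1], fwd[0])] = pkt   # remember how to undo it
        return fwd

    def reply_in(self, reply: Packet) -> Optional[Packet]:
        """Server reply that came back to the firewall: undo the translation."""
        orig = self.states.get(reply)
        return None if orig is None else (orig[1], orig[0])


def client_gets_valid_reply(reflection: str) -> bool:
    """Simulate client -> WAN_VIP -> server -> client for one reflection mode."""
    fw = Firewall(reflection)
    fwd = fw.lan_in((CLIENT_LAN, WAN_VIP))
    if fwd is None:
        return False
    reply = (fwd[1], fwd[0])          # server answers whoever it saw as source
    if reply[1] == FW_LAN:
        reply = fw.reply_in(reply)    # came back via the firewall, untranslate
    # Otherwise the server answered the client directly from SERVER_LAN, which
    # does not match the connection the client opened to WAN_VIP (asymmetric path).
    return reply == (WAN_VIP, CLIENT_LAN)
```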