OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: sebastian on September 12, 2017, 12:25:15 pm

Title: How I do to redirect "itself" into network?
Post by: sebastian on September 12, 2017, 12:25:15 pm
I have a network with a NAT rule as follows:

WAN any:any "WAN address":80 redirect to 192.168.1.10 port 80

This works wonderfully from outside, but it doesn't work from the inside (typing the WAN address on the inside of the network instead lands you in the administrative interface of the firewall).

Now I want that if I, from inside the network, type the external IP of the network, this packet should be rewritten to remain in the network instead.

So I create a rule as follows:

LAN any:any "WAN address":80 redirect to 192.168.1.10 port 80

The idea is that if you are inside the 192.168.1.* network (coming from the LAN interface), and write the WAN address in the address bar, you should land on the 192.168.1.10 server (as if you visited the server from outside). But this doesn't work.
Title: Re: How I do to redirect "itself" into network?
Post by: phoenix on September 12, 2017, 01:23:41 pm
Silly question but why wouldn't you go directly to the IP address of the local server? In any case you could solve that with DNS and/or NAT reflection - I'd suggest using valid hostnames for your LAN machines and DNS would be the easiest solution.
Title: Re: How I do to redirect "itself" into network?
Post by: sebastian on September 12, 2017, 01:32:23 pm
Because I have set up a server that handles dynamic domain names (users in an educational facility, like user1.pupils.school.tld), so I cannot statically define them anywhere.
And I want these dynamic domain names to be reachable from inside the firewall as well.

So by pointing the external IP to the "inside IP" it should work, but apparently it does not.
Why not?

If a packet comes in the LAN interface:

Source IP: 192.168.1.95
Source port: 42357

Destination IP: [WAN IP]
Destination Port: 80

And the NAT rewrites this to the following:

Source IP: 192.168.1.95
Source port: 42357

Destination IP: 192.168.1.10
Destination Port: 80

Why does it not work? Does anyone have a technical explanation?
Title: Re: How I do to redirect "itself" into network?
Post by: BertM on October 19, 2017, 05:46:44 pm
I assume you configured a port forwarding rule to forward incoming port 80 traffic to your internal webserver.

In the configuration of this port forwarding, you need to turn on NAT reflection, so traffic from inside can be NAT-ed back into the inside LAN towards the webserver.
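
The packet walk-through earlier in this thread rewrites only the destination. As an added example (not part of any post and not OPNsense code), this Python model follows the reply in that case and in the case where the firewall also rewrites the source address (hairpin NAT). The WAN IP 203.0.113.5, the firewall LAN address 192.168.1.1 and the translated port 50000 are assumed values; the client and server addresses are the ones from the thread.

```python
"""Model of hairpin NAT on one LAN segment (illustrative, not OPNsense code)."""
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")   # the thread's 192.168.1.* network
CLIENT = ("192.168.1.95", 42357)     # from the thread
SERVER = ("192.168.1.10", 80)        # from the thread
WAN = ("203.0.113.5", 80)            # constructed placeholder for [WAN IP]
FW_LAN_IP = "192.168.1.1"            # assumed firewall LAN address


def hairpin(source_nat: bool) -> dict:
    """Follow one request and its reply; report what the client sees."""
    src, dst = CLIENT, WAN           # packet as sent by the client
    states = {}                      # firewall state: translated pair -> original pair

    # Firewall, LAN interface: destination rewrite (the port forward).
    dst = SERVER
    if source_nat:
        # Source rewrite as well, so the server's reply returns to the firewall.
        new_src = (FW_LAN_IP, 50000)  # assumed translated port
        states[(dst, new_src)] = (WAN, src)
        src = new_src
    else:
        states[(dst, src)] = (WAN, src)

    # The server answers whoever the packet appeared to come from.
    r_src, r_dst = dst, src
    # A reply to another host on the same subnet is delivered directly at
    # layer 2, so the firewall never sees it and cannot translate it back.
    via_fw = r_dst[0] == FW_LAN_IP or ip_address(r_dst[0]) not in LAN
    if via_fw:
        r_src, r_dst = states[(r_src, r_dst)]  # undo both translations

    # The client's TCP stack only accepts a reply from the address and port
    # it connected to; anything else matches no socket and is rejected.
    accepted = r_dst == CLIENT and r_src == WAN
    return {"reply_src": r_src, "via_firewall": via_fw, "accepted": accepted}


if __name__ == "__main__":
    for mode in (False, True):
        label = "destination + source rewrite" if mode else "destination rewrite only"
        print(label, hairpin(mode))
```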