Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
NAT Reflection for Web Servers
« previous
next »
Print
Pages: [
1
]
Author
Topic: NAT Reflection for Web Servers (Read 6918 times)
nashmeira
Newbie
Posts: 5
Karma: 0
NAT Reflection for Web Servers
«
on:
April 02, 2019, 11:31:15 pm »
I have a few webserver on a DMZ that I have setup with OPNsense. Everything works find from outside the LAN-1 however internally we are not able to access these servers. I am using Port Forwarding not 1-to-1.
Looking around online it seems a simple enough task to turn on NAT reflection: FIREWALL > SETTINGS > ADVANCED > Network Address Translation enabling the following settings.
ENABLED - Reflection for port forwards
ENABLED - Reflection for 1:1 (Even though I’m not using 1:1)
ENABLED - Automatic outbound NAT for Reflection
Each of the sites have a Static IP with ports 80, 443 forwarded to the internal servers IP on the DMZ-1.
NAT Forward Rules look like this:
^Source
IF: WAN1
PROTO: TCP
ADDRESS: *
PORTS: *
^Destination
ADDRESS: PUBLIC-WAN IP: 99.88.77.66
PORTS: 80,443 (Created as an Aliases)
^NAT
IP: INTERNAL SERVER IP: 192.168.10.10 (Created as an Aliases)
PORTS: 80,443 (Created as an Aliases)
All other settings are default. NAT reflection uses System Default, Filter rule association uses Rule NAT: Site-1 (The info from the rules description).
Even though I have NAT reflection enabled nothing seems to help if I’m on the internal LAN-1 network. I tried enabling NAT reflection in the individual rule but still nothing. So, I’m kinda stumped. I can see everything from outside but nothing from inside.
One thing I have had happen is if I try to go to one of the sites using the url (From LAN-1) the port 8443 is added to the end, which then loads to be the logon page for OPNsense. So, I am wondering if there is a firewall rule I need to edit?
My setup also uses two different internet sources. So, there is a multi-gateway setup for fail over. But this does not seem to affect the external to internal DMZ-1 traffic, nor can I reach the OPNsense interface from outside when testing.
I’m really liking OPNsense and I know its just lack knowledge that is the issue. I have tried referencing some pfsense articles but even still I’ve had no luck figuring this one out.
Logged
sycada
Newbie
Posts: 5
Karma: 0
Re: NAT Reflection for Web Servers
«
Reply #1 on:
August 08, 2019, 02:09:48 pm »
I also encountered this problem. I've turned on ‘Reflection for port forwards’, but I still can't access the mapped address from the internal network.
Logged
weswitt
Newbie
Posts: 10
Karma: 0
Re: NAT Reflection for Web Servers
«
Reply #2 on:
August 11, 2019, 06:18:28 pm »
+1 I'm encountering the same problem. I cannot get NAT reflection for HTTP/S working.
Logged
jabbas
Newbie
Posts: 1
Karma: 0
Re: NAT Reflection for Web Servers
«
Reply #3 on:
December 15, 2019, 10:52:52 pm »
You have to enable "Automatic outbound NAT for Reflection" to make te NAT Reflection working.
Logged
pyrodex
Newbie
Posts: 45
Karma: 0
Re: NAT Reflection for Web Servers
«
Reply #4 on:
December 16, 2019, 10:53:34 pm »
Quote from: jabbas on December 15, 2019, 10:52:52 pm
You have to enable "Automatic outbound NAT for Reflection" to make te NAT Reflection working.
This doesn't work...
I have the same problem. Port forward NAT on the WAN IP and DMZ can't access it even though DMZ has access to the internet/wan. The connection comes back into the IP on the port forward NAT it redirects to as the DMZ internal host IP.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
NAT Reflection for Web Servers