Port forward - NAT reflection

Started by Neptunek, January 12, 2020, 08:31:52 PM

January 12, 2020, 08:31:52 PM Last Edit: January 14, 2020, 11:19:51 AM by Neptunek
Hello,

After updating to OPNsense 19.7.9_1-amd64, port forwarding with reflection doesn't work, or I'm doing something wrong.

I have a web server at 192.168.0.100 and I set up NAT port forwarding from WAN. When I'm outside my LAN and try to reach my web page by the WAN IP address, everything works OK, but when I'm inside my LAN and try to reach my web server by its DNS names, I get: "The connection has timed out." I can't find anything in the logs.

I set NAT reflection to Enable in Firewall: NAT: Port Forward.

What is wrong?

14.01.2020 - really? nobody can help?  :(

I guess only those who use it and read your message might reply. I don't use it, I prefer to use a DNS override. Any internal requests get the local IP, I've done it that way since I first set up my servers.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

For LAN - LAN you won't see anything in the logs on the FW as that traffic will not pass through it.

Your issue seems to be internal DNS.

When you run nslookup <hostname> from inside the LAN, does that find and resolve the host to the correct IP?
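The DNS check suggested above, as an added example that is not part of the original thread: it classifies what the internal resolver returns, separating the DNS-override case (answers inside the LAN, so traffic never crosses the firewall and leaves no firewall log entries) from the case where clients are handed the external address and depend on NAT reflection. The LAN range 192.168.0.0/24 is an assumption (the thread only gives the server address 192.168.0.100), and the function names are hypothetical.

```python
import ipaddress
import socket

# Assumption: the LAN is 192.168.0.0/24; the thread only states the server IP.
LAN = ipaddress.ip_network("192.168.0.0/24")


def resolve(hostname):
    """Return the set of addresses the local resolver hands out for hostname."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def classify(addresses, lan=LAN):
    """Say which path a LAN client takes to the server for these DNS answers."""
    addrs = [ipaddress.ip_address(a) for a in addresses]
    if not addrs:
        return "no-answer"
    inside = [a for a in addrs if a in lan]
    if len(inside) == len(addrs):
        # DNS override in effect: LAN-to-LAN traffic that never crosses the
        # firewall, so no firewall log entries and no NAT reflection involved.
        return "direct-lan"
    if not inside:
        # Client is sent to an address outside the LAN (the external IP):
        # the firewall has to reflect the connection back to the server.
        return "needs-reflection"
    # Some answers internal, some external: outcome depends on which is used.
    return "mixed"


def check(hostname, lan=LAN):
    """Resolve hostname and return (sorted addresses, verdict)."""
    addresses = resolve(hostname)
    return sorted(addresses), classify(addresses, lan)


if __name__ == "__main__":
    import sys
    # Usage: python3 dnspath.py <hostname> [<hostname> ...] from a LAN client.
    for name in sys.argv[1:]:
        addrs, verdict = check(name)
        print(f"{name}: {', '.join(addrs)} -> {verdict}")
```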

OP hasn't mentioned an issue with the firewall, he's talking about NAT reflection not working.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

Same issue here -

NAT reflection turned on in Advanced
NAT reflection enabled on Port Forwarding Rule

Working
External -> 80, 443, etc Rules -> internal host

From INSIDE
DNS returns proper external IP
Unable to browse to host using External IP or FQDN, with or without specifying the port.

Something appears to be broken here. Moved from pfSense and reflection was working. Same setup.

Around March, when I set up ark's game server, I needed the function of port forwarding reflection, so I turned it on.

This feature worked correctly for ark games, but I lost access to the haproxy load balancing site.

After that, this function was disabled, and port forwarding was performed by registering both packets from the WAN interface and packets from the LAN interface, and manually performing port forwarding reflection.