Archive > 20.1 Legacy Series

NAT Reflection not working

BeanAnimal:
I have seen this same issue (never resolved) come up for the better part of 2 years over multiple live versions.

Can somebody in the know, please answer?

Simple setup
All NAT reflection options enabled
Port Forwarding for internal service set.

External --> Internal = working
Tested on several ports and internal hosts

Internal --> Reflection --> Internal = NOT WORKING

Nothing logged (I assume this is expected)
This IS NOT a DNS issue.
DNS resolves properly to external IP

Traffic via FQDN or IP results in site cannot be reached
I can ping the external IP from internal though...

This worked with the exact same settings in pfsense.

After reading 20 threads just like this ... something appears to be broken.

Please don't offer split DNS as a resolution. NAT reflection should be working.

stefanpf:
I just did a quick test:
- portforwarding TCP 80 to internal Webserver
- enable only "Reflection for port forwards"
- create an A-record in Unbound with my external WAN IP
Works as expected   ???

BeanAnimal:

--- Quote from: stefanpf on April 15, 2020, 09:58:41 pm ---I just did a quick test:
- portforwarding TCP 80 to internal Webserver
- enable only "Reflection for port forwards"
- create an A-record in Unbound with my external WAN IP
Works as expected   ???

--- End quote ---

Not sure if you are trying to help, or just be snarky... sure appears to be the latter. Either way responses like that are insanely frustrating.

As I mentioned - this is not working for me and I have found numerous threads with reports of the same issue... none of which appear to have been resolved.

As I mentioned - this EXACT configuration was working in pfsense (days ago). Same config settings, same network, just changed router from pfsense to opnsense.

Not Mentioned - this same network configuration was working with SOPHOS UTM (weeks ago) - with manually defined NAT and DNAT rules (Sophos does not have auto "hairpin" or "reflection")

My setup is rather simple with only a very small number of rules.

3 External IPs
1 LAN
2 VLAN - one of them idle, the other setup for OpenVPN gateway

Port forwarding for Primary IP works and Port forwarding to (2) virtual IPs work.
Outbound nat for LAN --> WAN
Outbound nat for VLAN -->OpenVPN

No floating rules
Outbound Rules
1 Rule per VLAN (ANY outbound) to allow traffic (1 to WAN, 1 to OpenVLAN)
1 Rule (default) for LAN outbound (ANY)
5 Port forwarding rules 3 for primary IP and 1 per secondary IP (all working from external networks).

NAT reflection is NOT working at all.

mimugmail:
Reflection only works internal to internal if the network is also assigned directly. Can you check the docs, I added a note there

BeanAnimal:
Thank you for the response!
Unless I am missing something - I am trying to reflect internal to internal:

Internal Primary Lan
192.168.1.0/24


Wan Interface (Static IP)
1.2.3.4

Internal Host A 192.168.1.100
Internal Host B 192.168.1.200

Port Forward Rule
1.2.3.4:5001 --> 192.168.1.200:5001  (working from public internet)

Internal Traffic
192.168.1.100:5001 --> 192.168.1.200:5001 working on internal network

192.168.1.100:5001 --> 1.2.3.4:5001 is not working

What would be my next steps for troubleshooting?
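
An added example, not part of the thread and not OPNsense code: a small model of the hairpin path using the addresses from the post above, showing which translations a reflected connection needs before the client accepts the reply. The firewall LAN address 192.168.1.1 and the function names are assumptions made for illustration.

```python
# Model of a hairpin (NAT reflection) connection using the addresses from the thread.
# FW_LAN is an assumed firewall LAN address; it does not appear in the thread.
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")
WAN_IP, FW_LAN = "1.2.3.4", "192.168.1.1"
PORT_FORWARDS = {(WAN_IP, 5001): ("192.168.1.200", 5001)}

def on_link(a, b):
    """Two hosts in the LAN subnet reach each other without crossing the firewall."""
    return ip_address(a) in LAN and ip_address(b) in LAN

def hairpin(client, dst, dport, reflect=True, source_nat=True):
    """Follow one request and its reply; return (completed, reason)."""
    # Request: dst is outside the LAN, so the client hands it to its gateway.
    if not reflect or (dst, dport) not in PORT_FORWARDS:
        return False, "no redirect on the LAN interface; packet is addressed to the firewall's own WAN IP"
    server, server_port = PORT_FORWARDS[(dst, dport)]   # destination NAT (redirect)
    seen_src = FW_LAN if source_nat else client         # optional source NAT
    # Reply: the server answers whatever source address it saw.
    if on_link(server, seen_src) and seen_src != FW_LAN:
        # Delivered directly on the LAN, so it is never translated back to dst.
        reply_src = (server, server_port)
    else:
        # Returned to the firewall, which reverses the translations.
        reply_src = (dst, dport)
    expected = (dst, dport)                              # the peer the client dialled
    if reply_src == expected:
        return True, f"reply from {reply_src[0]}:{reply_src[1]} matches the client's connection"
    return False, (f"reply from {reply_src[0]}:{reply_src[1]} does not match "
                   f"{expected[0]}:{expected[1]}; client discards it")

if __name__ == "__main__":
    cases = [("redirect + source NAT", {}),
             ("redirect only", {"source_nat": False}),
             ("no reflection", {"reflect": False})]
    for label, kwargs in cases:
        ok, why = hairpin("192.168.1.100", WAN_IP, 5001, **kwargs)
        print(f"{label:22} -> {'OK' if ok else 'FAIL'}: {why}")
```

The model covers only address translation; it does not account for filter rules or state tracking on the firewall.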


