NAT Reflection / Hairpinning broken for WiFi clients after 26.1 upgrade

Started by PilaScat, February 12, 2026, 01:51:34 PM

Hi everyone,

I've recently updated my OPNsense box to version 26.1 and performed the firewall migration. Since the update, I'm experiencing a strange issue with NAT Hairpinning (NAT Reflection).

The Issue: I can no longer access my locally hosted services from within my internal network using their public FQDN/WAN IP. However, there are some specific behaviors:

  • Tunnels work: Services routed through Cloudflare Tunnels or Pangolin are reachable without issues.
  • Ethernet works: My desktop PC, connected via Ethernet, can still reach local services via the WAN IP (Hairpinning seems to work here).
  • WiFi is broken: Devices connected via my UniFi APs cannot reach local services. They can only access them when switching to mobile data (LTE/5G).

Current Configuration: Before the update, everything was working perfectly. My current NAT settings are:

Reflection for port forwards: Disabled

Reflection for 1:1: Disabled

Automatic outbound NAT for Reflection: Disabled

It seems like the NAT Reflection is not being applied correctly to the WiFi interface/VLAN after the migration, or there's a routing/DNS conflict introduced by the new version.

I am attaching screenshots of my Firewall settings.

Has anyone else experienced issues with NAT Reflection being restricted to specific interfaces after the 26.1 migration? Any advice on where to look would be greatly appreciated.

Thanks in advance!

Wifi was broken in general for the 26.1 release. I'm surprised it was working for you. Try the latest update. You may need to delete and reinstall the wifi.

Quote from: TheSHAD0W on February 13, 2026, 01:29:12 AM
Wifi was broken in general for the 26.1 release. I'm surprised it was working for you. Try the latest update. You may need to delete and reinstall the wifi.

I'm not using the integrated wireless

Quote from: PilaScat on February 12, 2026, 01:51:34 PM
  • Ethernet works: My desktop PC, connected via Ethernet, can still reach local services via the WAN IP (Hairpinning seems to work here).
  • WiFi is broken: Devices connected via my UniFi APs cannot reach local services.
NOFI, but there is something seriously wrong with your network setup if there is a difference between these two !!

"The connectivity experience" for those two should always be 100% identical unless you have got something configured differently for one of those two on purpose !!

Also consider not using any kind of NAT Loopback or Reverse NAT for this kind of setup.
Setting up domains correctly in combination with any Reverse Proxy software is IMHO the better solution.

/EDIT :
Quote from: Monviech (Cedrik) on February 13, 2026, 05:10:22 PM
Or using IPv6 in general, ahh so nice no nat trickeries anymore. :)
+1 :)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

Or using IPv6 in general, ahh so nice no nat trickeries anymore. :)
Hardware:
DEC740

Tricksy NATsesss ...
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)