OPNsense

  • OPNsense Forum »
  • Archive »
  • 17.7 Legacy Series »
  • How I do to redirect "itself" into network?

Author Topic: How I do to redirect "itself" into network?  (Read 2908 times)

sebastian

How I do to redirect "itself" into network?
« on: September 12, 2017, 12:25:15 pm »
I have a network with a NAT rule as follows:

WAN any:any "WAN Address":80 redirect to 192.168.1.10 port 80

This works wonderfully from outside, but it doesn't work from the inside (typing the WAN address on the inside of the network instead lands you in the administrative interface of the firewall).

Now I want that if I, from inside the network, type the external IP of the network, the packet is rewritten to remain in the network instead.

So I create a rule as follows:

LAN any:any "WAN Address":80 redirect to 192.168.1.10 port 80

The idea is that if you are inside the 192.168.1.* network (coming from the LAN interface), and write the WAN address in the address bar, you should land on the 192.168.1.10 server (as if you visited the server from outside). But this doesn't work.

phoenix

Re: How I do to redirect "itself" into network?
« Reply #1 on: September 12, 2017, 01:23:41 pm »
Silly question but why wouldn't you go directly to the IP address of the local server? In any case you could solve that with DNS and/or NAT reflection - I'd suggest using valid hostnames for your LAN machines and DNS would be the easiest solution.
Regards


Bill

sebastian

Re: How I do to redirect "itself" into network?
« Reply #2 on: September 12, 2017, 01:32:23 pm »
Because I have set up a server that handles dynamic domain names (users in an educational facility, like user1.pupils.school.tld), so I cannot statically define them anywhere.
And I want these dynamic domain names to be reachable from inside the firewall as well.

So by pointing the external IP to the "inside IP" it should work, but apparently it does not.
Why not?

If a packet comes in the LAN interface:

Source IP: 192.168.1.95
Source port: 42357

Destination IP: [WAN IP]
Destination Port: 80

And the NAT rewrites this to the following:

Source IP: 192.168.1.95
Source port: 42357

Destination IP: 192.168.1.10
Destination Port: 80

Why does it not work? Does anyone have a technical explanation?

BertM

Re: How I do to redirect "itself" into network?
« Reply #3 on: October 19, 2017, 05:46:44 pm »
I assume you configured a port forwarding rule to forward incoming port 80 traffic to your internal webserver.

In the configuration of this port forwarding, you need to turn on NAT reflection, so traffic from inside can be NAT-ed back into the inside LAN towards the webserver.
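A packet-level model of the question asked in Reply #2, added here as an example that is not part of any post and is not OPNsense code: it traces the SYN and the server's reply for a destination-only rewrite versus a reflection that also rewrites the source. The WAN IP `203.0.113.5`, the firewall LAN address `192.168.1.1` and the translated port `50000` are constructed values; the client, server and source port are the ones from the thread.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions): the thread only says "[WAN IP]".
WAN_IP = "203.0.113.5"
FW_LAN_IP = "192.168.1.1"
# Values taken from the thread.
SERVER, CLIENT = "192.168.1.10", "192.168.1.95"
LAN = ip_network("192.168.1.0/24")


def hairpin(source_nat: bool) -> dict:
    """Trace one connection from CLIENT to WAN_IP:80 and the server's reply."""
    # The client's TCP stack only accepts a reply from the peer it dialled.
    expected_peer = (WAN_IP, 80)
    syn = {"src": (CLIENT, 42357), "dst": (WAN_IP, 80)}

    # Firewall, LAN side: destination rewrite, as in the rule from the thread.
    fwd = dict(syn, dst=(SERVER, 80))
    if source_nat:
        # Reflection that also rewrites the source: the server now sees
        # the firewall as the sender instead of the LAN client.
        fwd["src"] = (FW_LAN_IP, 50000)
    # Firewall state entry: translated flow -> original flow.
    states = {(fwd["src"], fwd["dst"]): syn}

    # The server answers whichever address the packet appeared to come from.
    reply = {"src": fwd["dst"], "dst": fwd["src"]}

    # A reply to a host on the server's own subnet is delivered directly on
    # the LAN segment; it only crosses the firewall if addressed to it (or
    # to an off-subnet host via the default gateway).
    dst_ip = reply["dst"][0]
    via_firewall = dst_ip == FW_LAN_IP or ip_address(dst_ip) not in LAN
    if via_firewall:
        orig = states[(reply["dst"], reply["src"])]
        # Undo both rewrites so the client sees the address it connected to.
        reply = {"src": orig["dst"], "dst": orig["src"]}

    return {
        "reply_src": reply["src"],
        "via_firewall": via_firewall,
        "accepted": reply["src"] == expected_peer,
    }


if __name__ == "__main__":
    print("destination rewrite only:", hairpin(source_nat=False))
    print("with source rewrite:     ", hairpin(source_nat=True))
```

With the destination rewrite alone, the reply reaches 192.168.1.95 straight from 192.168.1.10:80 without passing the firewall, so it matches no connection on the client and is discarded.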
