Author Topic: port forward NAT + accessing NATed Services  (Read 2397 times)

madapaka
port forward NAT + accessing NATed Services
« on: September 22, 2006, 10:03:51 am »
I used port forward NAT in my DMZ because I have had no luck getting 1:1 NAT to work, and I have read that there is a workaround for accessing NATed services within the LAN, so I enabled NAT reflection on the advanced page. However, I still can't view the NATed services using the hostname or public IP, so I added an override for the said services on the DNS forwarder page, and now I'm able to access them via hostname/public IP. My question is, am I doing it right? Is this how it is supposed to be?

TIA

hoba
Re: port forward NAT + accessing NATed Services
« Reply #1 on: September 22, 2006, 06:16:21 pm »
You have set up split DNS. This is one possible solution. However, NAT reflection with port forwards should have worked as well if set up correctly. I'm using NAT reflection to access hosts with port forwards to the DMZ from LAN at the office without issues.

madapaka
Re: port forward NAT + accessing NATed Services
« Reply #2 on: September 23, 2006, 09:32:39 am »
So my configuration is OK? I have another question though regarding 1:1 NAT: why is it that I am having problems with the 1:1 setup? I can only access one of the websites, but not the other website we are hosting or the webmail interface of our mail server, although I have configured a DNS forwarder override for it.

hoba
Re: port forward NAT + accessing NATed Services
« Reply #3 on: September 23, 2006, 03:21:17 pm »
1:1 NAT doesn't work for NAT reflection, but it should work with split DNS. When you say it doesn't work, do you mean for connections coming from WAN to your host or from LAN?

madapaka
Re: port forward NAT + accessing NATed Services
« Reply #4 on: September 26, 2006, 11:53:35 am »
I can only access it via its NATed IP within the LAN, while I can only see one website from outside the LAN; the webmail and another website are not accessible. Any ideas why?

madapaka
Re: port forward NAT + accessing NATed Services
« Reply #5 on: September 26, 2006, 12:19:16 pm »
My 1:1 NAT is working already. It seems odd because I just followed the documentation on monowall; dunno why it doesn't work outright. I happened to browse the archive and saw one thread regarding issues with 1:1 NAT; his solution was to add a VIP, and voilà, it's now working for me. I also removed the entries in the DNS forwarding page for my port forwarding configuration. My pfSense configuration is now a combo of port forward and 1:1 NAT. Thanks for your pointers hoba, you're a great help :)

hoba
Re: port forward NAT + accessing NATed Services
« Reply #6 on: September 26, 2006, 02:19:32 pm »
You always need a VIP to make use of additional IPs on an interface. It won't work without. This is something that is different from m0n0.