Re: [pfSense Support] 1:1 NAT loopback

2005-09-29 Thread Bill Marquette
Well, it's not supposed to work.  I'm still not sure how it was made
to work in this fashion.  But, I can offer one suggestion on a way
that it might work.  On the outbound NAT screen, you'll need to create
a NAT bound to the LAN interface NATing everything from LAN destined
for LAN to the LAN IP on your firewall.  The problem you're seeing is
that the firewall is redirecting you to the server, but the reply
traffic from the server is getting sent to your workstation's real IP.

--Bill

On 9/28/05, Simon SZE-To [EMAIL PROTECTED] wrote:
> Hello,
>
> I read the thread from Aug 26 and found that some pfSense users were able to
> access a 1:1 NATted service in the LAN segment, but when I tried it today, it
> failed.
>
> My testing environment:
> - the public IP xx.xx.xx.46 1:1 NAT to 10.0.138.9
> - proxy ARP for xx.xx.xx.46
> - allow any to any access to xx.xx.xx.46 in the firewall rule
> - my workstation IP is 10.0.138.130
> - pfSense's IP is xx.xx.xx.42
>
> I did the following steps:
> - telnet xx.xx.xx.46 110 (of course I have a POP3 service listening)
> - I got a connection failure after around 20 sec
> - the states showed the following 2 lines:
> self tcp 10.0.138.130:1941 - xx.xx.xx.42:51404 - xx.xx.xx.46:110 SYN_SENT:CLOSED
> self tcp xx.xx.xx.46:110 - 10.0.138.130:1941 CLOSED:SYN_SENT
>
> Thanks!
>
> Simon SZE-To




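
The asymmetric reply path Bill describes, and the effect of the LAN-to-LAN outbound NAT he suggests, as an added Python trace under a simplified model (not part of either post, and not pfSense code). 203.0.113.46 is a constructed stand-in for xx.xx.xx.46; the /24 prefix and the firewall LAN address 10.0.138.1 are assumptions.

```python
import ipaddress

# Addresses from the post; values marked "assumed" are not given there.
LAN = ipaddress.ip_network("10.0.138.0/24")  # assumed prefix length
PUBLIC = "203.0.113.46"   # constructed stand-in for xx.xx.xx.46
SERVER = "10.0.138.9"     # 1:1 NAT target
CLIENT = "10.0.138.130"   # workstation
FW_LAN = "10.0.138.1"     # assumed firewall LAN address


def on_lan(ip):
    return ipaddress.ip_address(ip) in LAN


def loopback_connect(lan_to_lan_nat):
    """Trace one SYN/SYN-ACK exchange; return (established, hops)."""
    hops = []
    src, dst = CLIENT, PUBLIC
    expected_peer = dst  # client socket only accepts replies from here
    hops.append(("client -> firewall", src, dst))

    dst = SERVER  # 1:1 NAT rewrites the destination
    if lan_to_lan_nat and on_lan(src) and on_lan(dst):
        src = FW_LAN  # LAN-to-LAN outbound NAT rewrites the source too
    hops.append(("firewall -> server", src, dst))

    # The server answers whatever source address it saw.
    r_src, r_dst = SERVER, src
    if r_dst == FW_LAN:
        hops.append(("server -> firewall", r_src, r_dst))
        r_src, r_dst = PUBLIC, CLIENT  # firewall undoes both translations
        hops.append(("firewall -> client", r_src, r_dst))
    else:
        # Same subnet: delivered directly, the firewall never sees the reply
        # and cannot restore the public source address.
        hops.append(("server -> client (direct)", r_src, r_dst))
    return r_src == expected_peer, hops


if __name__ == "__main__":
    for enabled in (False, True):
        ok, hops = loopback_connect(enabled)
        print(f"LAN-to-LAN NAT={enabled}: established={ok}")
        for name, s, d in hops:
            print(f"  {name:26} {s} -> {d}")
```

With the extra NAT in place the server sees every LAN client as the firewall's LAN address, so its own logs and access controls no longer show the real workstation IP.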



[pfSense Support] 1:1 NAT loopback

2005-09-28 Thread Simon SZE-To
Hello,

I read the thread from Aug 26 and found that some pfSense users were able
to access a 1:1 NATted service in the LAN segment, but when I tried it today,
it failed.

My testing environment:
- the public IP xx.xx.xx.46 1:1 NAT to 10.0.138.9
- proxy ARP for xx.xx.xx.46
- allow any to any access to xx.xx.xx.46 in the firewall rule
- my workstation IP is 10.0.138.130
- pfSense's IP is xx.xx.xx.42

I did the following steps:
- telnet xx.xx.xx.46 110 (of course I have a POP3 service listening)
- I got a connection failure after around 20 sec
- the states showed the following 2 lines:
self tcp 10.0.138.130:1941 - xx.xx.xx.42:51404 - xx.xx.xx.46:110 SYN_SENT:CLOSED 
self tcp xx.xx.xx.46:110 - 10.0.138.130:1941 CLOSED:SYN_SENT 


Thanks!

Simon SZE-To