Hi Zulu,

I am thinking you have the web server with a public IP address inside the LAN and you are using Outbound NAT rules, but I think this is tricky.

I am running Monowall with such a scenario, but what I did was this: the machine I want to be seen outside the LAN is on the LAN subnet (192.168.*.*), and I defined Inbound NAT rules so that it is visible outside the LAN through the firewall and seen in the LAN as a normal machine (using the LAN IP address). Then I defined a DNS forwarder on the firewall so that all traffic originating from the LAN and destined for this machine using the public domain name is resolved to the LAN IP address before it is moved out of the LAN.

If you consider this implementation I shall give you the actual configurations; since pfsense and Monowall are similar/same, you shall be in a position to make it work.

--
Seat of Wisdom ..... Pray for us
Cause of our Joy ..... Pray for us

Mayengo Tom Kizito
+256-752-602550
+256-782-062708
-----Original Message-----
From: Richard Zulu <[email protected]>
Reply-to: Uganda Linux User Group <[email protected]>
To: Uganda Linux User Group <[email protected]>
Subject: [LUG] pfsense
Date: Thu, 1 Sep 2011 13:20:41 +0300

Hallo,

Question: I have pfsense implemented as a firewall for a unit where the internal users are using a private subnet, with the external interface using a public (internet routable) IP. The internal users have a DHCP server independent of my pfsense implementation.

I have a web server within the internal network using a private IP that I would want to be accessible using a public IP both by internal hosts and by external hosts. I have implemented port forwarding and external hosts can access the web server using a public IP; however, internal hosts cannot access that internal web server using the public IP.

I have enabled NAT reflection, however in vain. Is there a way I can implement this without using the split DNS option?

--
Richard Zulu
gtug lead, Kampala (Uganda)
http://kampala.gtugs.org
---------------------------------------------------------
http://www.linkedin.com/in/richardzulu
http://www.twitter.com/richardzulu

_______________________________________________
The Uganda Linux User Group: http://linux.or.ug
Send messages to this mailing list by addressing e-mails to: [email protected]
Mailing list archives: http://www.mail-archive.com/[email protected]/
Mailing list settings: http://kym.net/mailman/listinfo/lug
To unsubscribe: http://kym.net/mailman/options/lug
The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/
The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
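The two approaches discussed in this thread (NAT reflection and a DNS forwarder override, i.e. split DNS) can be compared with a small packet-flow model. This is an added example, not part of the original messages and not pfsense or Monowall code; it assumes the client and the web server share one LAN subnet, and every address and the hostname are constructed.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst")

# Constructed values (documentation ranges), not taken from the thread.
PUBLIC_IP = "203.0.113.10"    # firewall WAN address
FW_LAN = "192.168.1.1"        # firewall LAN address
SERVER_LAN = "192.168.1.10"   # web server on the LAN
CLIENT_LAN = "192.168.1.50"   # internal client
HOSTNAME = "www.example.org"  # hypothetical public name of the server

def on_lan(addr):
    return addr.startswith("192.168.1.")

def firewall_in(pkt, reflect_snat):
    """Port forward: rewrite dst PUBLIC_IP -> SERVER_LAN. With reflect_snat,
    a LAN client's source is also rewritten to the firewall's LAN address,
    which forces the server's reply back through the firewall."""
    if pkt.dst != PUBLIC_IP:
        return pkt
    src = FW_LAN if (reflect_snat and on_lan(pkt.src)) else pkt.src
    return Packet(src, SERVER_LAN)

def connect(client, target, reflect_snat=False):
    """True if the reply reaching the client comes from the address it
    contacted; otherwise the client's TCP stack discards the reply."""
    at_server = firewall_in(Packet(client, target), reflect_snat)
    reply = Packet(at_server.dst, at_server.src)
    # The reply crosses the firewall only when addressed to it or to an
    # off-LAN host; the firewall's state table then undoes the translation.
    if target == PUBLIC_IP and (reply.dst == FW_LAN or not on_lan(reply.dst)):
        reply = Packet(PUBLIC_IP, client)
    return reply == Packet(target, client)

def resolve(name, from_lan, overrides, public_zone):
    """Split DNS: the LAN-side forwarder answers from its overrides first."""
    if from_lan and name in overrides:
        return overrides[name]
    return public_zone[name]

if __name__ == "__main__":
    zone, lan = {HOSTNAME: PUBLIC_IP}, {HOSTNAME: SERVER_LAN}
    print("external, port forward:", connect("198.51.100.7", PUBLIC_IP))
    print("internal, port forward only:", connect(CLIENT_LAN, PUBLIC_IP))
    print("internal, reflection with source NAT:", connect(CLIENT_LAN, PUBLIC_IP, True))
    print("internal, split DNS:", connect(CLIENT_LAN, resolve(HOSTNAME, True, lan, zone)))
```

In this model the port forward alone fails for the LAN client because the server answers it directly from 192.168.1.10 while the client is waiting for a reply from the public address; rewriting the source at the firewall or resolving the name to the LAN address both avoid that mismatch.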
