Well, it's not "supposed" to work.  I'm still not sure how it was made
to work in this fashion.  But, I can offer one suggestion on a way
that it might work.  On the outbound NAT screen, you'll need to create
a NAT bound to the LAN interface NATing everything from LAN destined
for LAN to the LAN IP on your firewall.  The problem you're seeing is
that the firewall is redirecting you to the server, but the reply
traffic from the server is getting sent to your workstation's real IP.

--Bill

On 9/28/05, Simon SZE-To <[EMAIL PROTECTED]> wrote:
> Hello,
>
>  I had read the thread from Aug 26 and found that some pfSense users were
> able to access a 1:1 NATed service in the LAN segment, but when I tried it
> today, it failed.
>
>  My testing environment:
>  - the public IP xx.xx.xx.46 1:1 NAT to 10.0.138.9
>  - proxy ARP the xx.xx.xx.46
>  - allow any to any access to xx.xx.xx.46 in firewall rule
>  - my workstation IP is 10.0.138.130
>  - pfSense's IP is xx.xx.xx.42
>
>  I did the following steps:
>  - telnet xx.xx.xx.46 110 (of course, I have a POP3 service listening)
>  - I've got connection failed after around 20sec
>  - the states got the following 2 lines:
>  self tcp 10.0.138.130:1941 -> xx.xx.xx.42:51404 -> xx.xx.xx.46:110 SYN_SENT:CLOSED
>  self tcp xx.xx.xx.46:110 <- 10.0.138.130:1941        CLOSED:SYN_SENT
>
>
>  Thanks!
>
>  Simon SZE-To
>
>
>
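
Added example (not part of the original messages, and not pfSense code): a small Python model of the packet path Bill describes, showing why the server's reply bypasses the firewall unless LAN-to-LAN traffic is also source-NATed to the firewall's LAN IP. The address 203.0.113.46 is a constructed stand-in for the masked xx.xx.xx.46, and the firewall LAN address 10.0.138.1 is an assumption.

```python
# Toy model of LAN -> public 1:1 NAT address -> LAN server (hairpin NAT).
# It traces addresses only; it does not implement pf state tracking.
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.138.0/24")
CLIENT = "10.0.138.130"   # workstation, from the post
SERVER = "10.0.138.9"     # 1:1 NAT target, from the post
PUBLIC = "203.0.113.46"   # constructed stand-in for xx.xx.xx.46
FW_LAN = "10.0.138.1"     # assumed firewall LAN address (not given in the post)

def hairpin(lan_to_lan_nat):
    """Trace one SYN / SYN-ACK exchange.

    Returns (hops, client_accepts); each hop is (path, src, dst).
    """
    hops = [("client->fw", CLIENT, PUBLIC)]
    expected_peer = PUBLIC          # the client's socket waits for this source

    # 1:1 NAT: the firewall rewrites the destination to the internal server.
    src, nat_state = CLIENT, {}
    if lan_to_lan_nat:
        # Outbound NAT on LAN: LAN -> LAN traffic is re-sourced to the firewall.
        nat_state[FW_LAN] = CLIENT
        src = FW_LAN
    hops.append(("fw->server", src, SERVER))

    # The server replies to whatever source address it saw.
    reply_dst = src
    if reply_dst in nat_state:
        # Reply returns to the firewall, which undoes both translations.
        hops.append(("server->fw", SERVER, reply_dst))
        reply_src, reply_dst = PUBLIC, nat_state[reply_dst]
        hops.append(("fw->client", reply_src, reply_dst))
    else:
        # Source is on-link, so the reply goes straight to the workstation
        # and is never translated back to the public address.
        assert ip_address(reply_dst) in LAN
        reply_src = SERVER
        hops.append(("server->client", reply_src, reply_dst))

    # The client only accepts a SYN-ACK from the address it connected to.
    return hops, reply_src == expected_peer

if __name__ == "__main__":
    for enabled in (False, True):
        hops, ok = hairpin(enabled)
        print("LAN-to-LAN NAT:", enabled, "-> connection completes:", ok)
        for path, s, d in hops:
            print(f"  {path:15} {s} -> {d}")
```
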
