There's an option under System >> Advanced called "Disable NAT Reflection". Uncheck this option to let you browse internal servers using the external IP or DNS.
-Sean

_____

From: Justin Refice [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 08, 2007 8:38 PM
To: [email protected]
Subject: [pfSense Support] VIPs + NAT??

I've got what appears to be a simple question, but for the life of me I can't figure this one out.

I've got a pfSense firewall set up between a local subnet (192.168/16) and my internet provider. The provider has given me two subnets, 11.22.33.192/29 and 11.22.44.16/28. The WAN IP is in the larger subnet: 11.22.44.17/28

For any given IP in the above subnets, 1 or more IPs exist in the private domain. E.g.:

11.22.33.194 port 25 = 192.168.0.2 port 25
11.22.33.194 port 80 = 192.168.0.3 port 80
11.22.44.17 port 25 = 192.168.0.4 port 25

This is all working fine (yay!). The problem is that the private subnet can't access IPs on the public subnet. So, for example, 192.168.0.2 can connect to www.google.com just fine. 192.168.0.2 can NOT connect to 11.22.33.194 though... the packet just gets dropped somewhere.

I've got the VIPs set up using Proxy ARP, because there are two subnets (and apparently CARP requires that the IP exist in the same subnet as the WAN IP). Just as a test, I set up a CARP for 11.22.44.18, and the same problem exists.

Basically, it seems like I need to tell the firewall the right rules on the LAN interface to clear this up... but like I said, I can't figure it out.

Thanks for any help,
Justin
