Bug #2042
Bug #2042 (open): NAT reflection doesn't apply to self-initiated traffic
Status: Confirmed
Priority: Low
Assignee: -
Category: NAT Reflection
Target version: -
Start date: 12/09/2011
Due date: -
% Done: 0%
Estimated time: -
Plus Target Version: -
Release Notes: -
Affected Version: All
Affected Architecture: All
Description
Squid can't access hosts inside a DMZ with DMZ hosts accessible only via 1:1 NAT.
My config:
- 4 interfaces: WAN (bge1), LAN (bge0), DMZ (em0), GUEST (em1)
- DMZ subnet is private IPs, using 1:1 NAT and IP Alias with reflection redirects to map incoming traffic from the other interfaces and from the internet onto my public webservers
- Reflection redirects and NAT for 1:1 mappings:

    rdr on { bge0 em0 em1 } from any to aaa.bbb.ccc.ddd -> 192.168.ccc.ddd bitmask
    no nat on em0 from em0 to 192.168.ccc.ddd
    nat on em0 from 192.168.ccc.ddd/27 to 192.168.ccc.ddd -> em0 port 1024:65535

I suppose adding the loopback interface (lo0?) to the "rdr on" rule would fix this issue.
A slightly longer version of this text can be found on the forum here: http://forum.pfsense.org/index.php/topic,43613.0.html
Best regards,
-Jan