Help from someone using Freenas Behing PFsense and Jail Port Forwarding

[Maturola]

Hi,

This may be an Pfsense issue and I asked on their forum with no help so far, however just in case is something on Freenas I'll ask here.

Looking for someone running jail (specifically Sabnzb, Sickbread, Couchpotato or Owncloud) and trying to access any of the jail ebconfigurators using Dynamic DNS URL

I setup Dynamic DNS last night, and everything seen to be working great, then I setup port forwarding for a single server (SABnzb), SABnzb is running on the FreeNAS box under a jail with its own IP on port 8086.

I went ahead and try from 'OUTSIDE' my network and I can access the server using <Public IP>:8086 & <dynamic DNS URL>:8086

Everything working as intended so far...

Now, here is the issue I don't seen to understand...

from 'INSIDE' my network, I can access the server using <Public IP>:8086, <Internal IP>8086, <hostname>:8086 however using <dynamic DNS URL>:8086 doesn't work, it try to load for a while and then time out.

This are commonly used FreeNAS jail+Plugins and I know some of you out there are using PFsense as well... have anyone encountered this issue?

Honestly I can VPN in a access all servers configuration, but what's worry me the most is Owncloud, my IP is dynamic as home user and I need to use the Dynamic DNS URL to setup the clients, which mean currently it will be unreachable when I am inside my network,

Anyways, any guidance would be appreciated.

Thanks
mat

 

[Jailer]

https://doc.pfsense.org/index.php/W..._ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

 

[Maturola]

Th

https://doc.pfsense.org/index.php/W..._ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

Thank you for a quick reply,

Tried that, Split DNS doesn't work. Even if it works, it will redirect all traffic from the dynamic url to a single IP, regardless of the port. Since I'm running all these services in Freenas, I need each port forwarding to go to a different IP.

Have you done it? do you have a FreeNAS running some of this service and tried Split DNS or NAT Reflection and it is working? do you mind sharing a screenshot with that configuration?

Thanks

 

[hugovsky]

I haven't tried this but, I think you need to do the same nat but with lan interface instead of wan. If connection coming from lan interface, from source lan, to dest. lan, dest port X, redirect to IP and PORT.

EDIT: and use split-dns to host.

EDIT 2: and remember, pfSense matches rules from top to bottom.

 

[Maturola]

I haven't tried this but, I think you need to do the same nat but with lan interface instead of wan. If connection coming from lan interface, from source lan, to dest. lan, dest port X, redirect to IP and PORT.

I'm out of ideas so I'll give this LAN to LAN NAT a try

 

[Jailer]

I have a static IP so my case is a bit different. But I do have 2 dyndns addresses forwarded to a reverse proxy server in a separate jail that serves 2 web internet facing web servers each in their own jails and they both work fine.

All I did was set up dynamic dns to point to my public IP for each web address. Forwarded ports 80 and 443 to the IP address of my reverse proxy jail and the reverse proxy handles the routing from there. No tricks or NAT reflection was needed, I linked that piece because that's usually what fixes the problem you are describing.

 

[Maturola]

I have a static IP so my case is a bit different. But I do have 2 dyndns addresses forwarded to a reverse proxy server in a separate jail that serves 2 web internet facing web servers each in their own jails and they both work fine.

All I did was set up dynamic dns to point to my public IP for each web address. Forwarded ports 80 and 443 to the IP address of my reverse proxy jail and the reverse proxy handles the routing from there. No tricks or NAT reflection was needed, I linked that piece because that's usually what fixes the problem you are describing.

Thank you, I was planning on using a reverser proxy anyway to terminate SSL for owncloud, so maybe that would work and I can manage the other services using a vpn. Still really bug me that it is not working as it suppose to =( I agreed with you based on the document, Split DNS should work.