Sunday, January 31, 2021

Route Reflection

I had a call from a customer who needed to be able to get to an internal server by way of the external public IP address, from the INSIDE of the network. This is not uncommon when you have an application on a cell phone that has not been set up with external DNS, but instead has a public IP put in. This is not a problem for the pfSense firewall. The option you need is called Route Reflection.

Go to System --> Advanced --> Firewall and NAT, and look under the heading "Network Address Translation".

Change the setting of "NAT Reflection mode for port forwards" to "Pure NAT".

Change the setting of "Enable NAT Reflection for 1:1 NAT" to a checked box.

Change the setting of "Enable automatic outbound NAT for Reflection" to a checked box.
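To confirm the three settings above actually landed in a configuration backup, the following check reads the `<system>` section of a pfSense `config.xml`. It is an added example, not part of the original post or pfSense's own code; the element names are an assumption about how these GUI options are stored and should be verified against your pfSense version, and the sample config is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: <system> section of a config.xml backup in which the
# third setting from the steps above was never checked.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <system>
    <hostname>fw1</hostname>
    <enablenatreflectionpurenat>yes</enablenatreflectionpurenat>
    <enablebinatreflection>yes</enablebinatreflection>
  </system>
</pfsense>"""

# Assumed element names for the GUI options (verify for your version).
TAG_DISABLED = "disablenatreflection"
TAG_PURE_NAT = "enablenatreflectionpurenat"
TAG_ONE_TO_ONE = "enablebinatreflection"
TAG_AUTO_OUTBOUND = "enablenatreflectionhelper"


def reflection_settings(config_xml):
    """Return the NAT reflection state recorded in a config.xml string."""
    system = ET.fromstring(config_xml).find("system")
    if system is None:
        raise ValueError("no <system> section found in config")

    def present(tag):
        # These options are stored as flags: the element exists or it does not.
        return system.find(tag) is not None

    if present(TAG_DISABLED):
        mode = "Disabled"
    elif present(TAG_PURE_NAT):
        mode = "Pure NAT"
    else:
        mode = "NAT + Proxy"
    return {
        "NAT Reflection mode for port forwards": mode,
        "Enable NAT Reflection for 1:1 NAT": present(TAG_ONE_TO_ONE),
        "Enable automatic outbound NAT for Reflection": present(TAG_AUTO_OUTBOUND),
    }


def missing_steps(settings):
    """List the settings from the steps above that are not applied."""
    wanted = {"NAT Reflection mode for port forwards": "Pure NAT",
              "Enable NAT Reflection for 1:1 NAT": True,
              "Enable automatic outbound NAT for Reflection": True}
    return [name for name, value in wanted.items() if settings[name] != value]


if __name__ == "__main__":
    print(missing_steps(reflection_settings(SAMPLE_CONFIG)))
```

Run it only against backups you exported yourself, since `config.xml` also holds credentials and keys and the standard-library XML parser is not meant for untrusted input.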