docs: Document NAT reflection fix for internal service access

- Pure NAT mode doesn't work when clients/servers on same subnet
- Must use enablenatreflectionhelper for proper source NAT
- Added to Common Gotchas in DECISIONS.md

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-22 00:16:40 -05:00
parent 34825ed1a3
commit 913b413522
2 changed files with 11 additions and 0 deletions

@@ -192,6 +192,7 @@ cat /tmp/rules.debug
4. NAT port range rules: `<local-port>` must be just the starting port, not the full range
- Correct: `<port>2223-2323</port>` with `<local-port>2223</local-port>`
- Wrong: `<port>2223-2323</port>` with `<local-port>2223-2323</local-port>` (rule will be commented out)
5. NAT reflection requires `enablenatreflectionhelper` (not just purenat) when clients and servers are on the same subnet - pure NAT doesn't source-NAT so return traffic bypasses OPNsense
### Reverse Proxy
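
Review bot: Item 5 (the added line) names `enablenatreflectionhelper` and `purenat` without saying where they are set or what a working configuration looks like, while item 4 directly above it gives explicit Correct/Wrong sub-bullets. Suggest adding matching sub-bullets for the working and the failing setting, and moving the rationale into its own sentence instead of hanging it off a hyphen, e.g. "Pure NAT does not source-NAT, so return traffic bypasses OPNsense." It would also help to state whether the helper is required only in the same-subnet case or should be used for every reflection rule in this setup, since the line as written leaves that open.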