I’ve recently revised my setup to use Nginx Proxy Manager. Previously I was using Haproxy on the pfSense box but am finding NPM far easier to manage.
In pfSense I forward all WAN 80/443 traffic to my NPM IP. For LAN I am using DNS Resolver to forward all of my domains to the same NPM IP. Pinging my domains internally resolves to the internal IP - pinging externally resolves to my WAN IP (as they should).
Everything works great internally and externally. However, while on my office laptop connected to the company VPN nothing is working. The company DNS server resolves my domains to my WAN IP, which shows the pfSense webConfigurator (which gives an error if login is attempted).
Does anyone have a possible solution? Note that changes can only be made on my personal hardware - my work laptop is locked down pretty good (and I do not have any Admin rights).
First thing that comes to mind is that the company VPN connection is a split tunnel, meaning only company-specific networks are routed through it. So the VPN overrides the DNS server, your domain gets resolved to the public IP but traffic to it is still going out through the laptop’s LAN/WLAN interface instead of through the tunnel interface. This means that requests to the router’s WAN IP address come in through the LAN interface (or any other interface that is not WAN). Therefore, the NAT rule does not apply. If my split tunnel assumption is correct, an easy fix should be to enable NAT reflection for the respective NAT rules.
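As an added illustration (not part of this thread), here is a small Python model of interface-bound port-forward rules that shows why the split-tunnel laptop ends up on the webConfigurator without NAT reflection, and why same-subnet reflected connections also need source NAT; all addresses, interface names and the hypothetical `Rdr` helper are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed topology: pfSense with a WAN and a LAN interface, NPM on the LAN.
WAN_IF, LAN_IF = "wan", "lan"
WAN_IP = "203.0.113.10"                 # public address (constructed)
LAN_NET = ip_network("192.168.1.0/24")
NPM_IP = "192.168.1.50"                 # Nginx Proxy Manager host (constructed)
WEB_PORTS = frozenset({80, 443})

@dataclass(frozen=True)
class Rdr:
    """A pf-style 'rdr' rule: only packets arriving on `iface` are rewritten."""
    iface: str
    dst_ip: str
    ports: frozenset
    target: str

def port_forward_rules(reflection: bool) -> list:
    rules = [Rdr(WAN_IF, WAN_IP, WEB_PORTS, NPM_IP)]   # the WAN 80/443 forward
    if reflection:
        # NAT reflection replicates the forward onto the internal interface(s),
        # so traffic to the WAN IP that arrives from the LAN is redirected too.
        rules.append(Rdr(LAN_IF, WAN_IP, WEB_PORTS, NPM_IP))
    return rules

def deliver(in_iface: str, dst_ip: str, dst_port: int, reflection: bool) -> str:
    """Return the host that actually receives a connection entering the firewall."""
    for r in port_forward_rules(reflection):
        if r.iface == in_iface and r.dst_ip == dst_ip and dst_port in r.ports:
            return r.target
    # No rdr matched: a packet for one of the firewall's own addresses is handled
    # locally, i.e. by whatever the firewall listens on (here the webConfigurator).
    return "pfsense-webgui" if dst_ip == WAN_IP else dst_ip

def needs_hairpin_snat(client_ip: str, target_ip: str) -> bool:
    """Reflected connections from the target's own subnet also need source NAT;
    otherwise the target replies to the client directly, the client sees a reply
    from an address it never connected to, and the TCP handshake fails."""
    return ip_address(client_ip) in LAN_NET and ip_address(target_ip) in LAN_NET

def split_tunnel_laptop(reflection: bool) -> str:
    """Office laptop on the home LAN: the VPN's DNS returns the WAN IP, but the
    split tunnel sends the packet out the home LAN, so it arrives on LAN_IF."""
    return deliver(LAN_IF, WAN_IP, 443, reflection)
```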
You nailed the issue and solution worked.
Your description was good and what I was thinking but my lack of networking expertise makes it difficult to accurately describe my issue (or fully understand the solution). I will definitely be looking deeper into this and ‘why’ it all works now.