• H.323 Video Conference Codec behind PFSense *Guide / Explanation*

    Pinned Locked
    3
    0 Votes
    3 Posts
    25k Views
    D
    Long story short, to use H.323 behind a pfsense firewall, one needs to enable static-port NAT. Unfortunately neither H.323 nor SIP were designed with NAT in mind, in which case one needs either an ALG (which btw is part of Linux's netfilter since many years, but apparently missing from baseline pf/FreeBSD) or a NAT device that won't rewrite ports (a solution that will work if you only have one such device). Edit: Note that SIP software has been improved in recent years, and most recent implementations can work through NAT without a need for ALG or static ports, but it's still something one has to keep in mind when troubleshooting SIP issues.
  • Port Forward Troubleshooting

    Pinned Locked
    1
    3 Votes
    1 Posts
    30k Views
    No one has replied
  • Setting up Port Forwarding for Minecraft Server on pfSense

    9
    0 Votes
    9 Posts
    8k Views
    P
    Thanks for sharing the configuration details! I encountered a similar situation when opening ports for Minecraft on pfSense. In addition to the steps you did, you can try checking: Firewall Rule: Make sure the rules for WAN are applied correctly. NAT Reflection: Sometimes enabling NAT Reflection can help in internal testing. Check ISP: Some carriers block port 25565, you may need to change the port to test. pfSense Log: Check the log to determine if the request has reached the router. Does anyone in the community have any tips to help make the configuration more stable?
  • Port forwarding not working localy when i enable load balancing

    1
    0 Votes
    1 Posts
    26 Views
    No one has replied
  • Can't access port-forwarded/natted services from another local network

    5
    0 Votes
    5 Posts
    65 Views
    K
    @johnpoz I see, thanks for explaining and the help!
  • NAT broken after Reboot

    14
    0 Votes
    14 Posts
    692 Views
    P
    @iggybuddy6 I'm just happy I could help. Today I went from thinking I knew everything about setting up wg on pfSense, to realising I did not, and that is a great reward in itself! Hopefully your setup will remain stable going forward.
  • Odd outgoing issues behind pfsense router

    8
    0 Votes
    8 Posts
    180 Views
    V
    @ahole4sure Maybe the routing table brings dissociation. However, I'm not familiar with Tailscale. Don't know, what it does.
  • pfSense 2.8.0 - Routing stops intermittently after update from 2.7.2

    4
    0 Votes
    4 Posts
    245 Views
    A
    @Gertjan said in pfSense 2.8.0 - Routing stops intermittently after update from 2.7.2: [...]matches your usage case ? You have Static routes, multiple sub nets ? Yes, the remote location has its own subnet and connects via a static route to the network in the main office. The default route of the remote location is set to the router that provides internet access in the remote location.
  • 0 Votes
    1 Posts
    55 Views
    No one has replied
  • 0 Votes
    6 Posts
    184 Views
    johnpozJ
    @carrzkiss why is that? HA proxy can listen can send stuff based on the uri to different machines. something.domainX.tld goes to your IIS IP otherthing.domainX.tld goes to your linux box. etc..
  • Firewall Aliases IP Addresses with Port Forwarding

    9
    0 Votes
    9 Posts
    379 Views
    Bob.DigB
    @NVDude said in Firewall Aliases IP Addresses with Port Forwarding: By default this creates the rule with source "Any" Be default, any rule has any in it, regardless. You are able to change the source in the NAT-rule too. So everyone is wondering why you didn't do that and fiddle around with the linked rule instead. But I also did this in some cases, for better visibility, especially with different aliases which I didn't wanted to combine, so I created the same firewall-rule but with different sources three times or whatever. But for best efficiency you do it right in the NAT-rule because then the not-matching traffic doesn't get NATed in the first place, I guess.
  • Policy-based routing: directly attached interface can never be overridden

    10
    0 Votes
    10 Posts
    228 Views
    P
    @johnpoz Thank you for the clarifications I finally opted to route everything on pfsense and remove SVIs on switch. It's so much easier than to manage the ACLs on switch If I end up needing more L3 switching throughoutput on some vlans, I can always try a hybrid setup with static routes on pfsense and running the dhcp server on the switch for those vlans
  • NAT - To manage a ONT SFP+ on 192.168.11.1

    20
    0 Votes
    20 Posts
    901 Views
    B
    @AndyRH Hi, I managed to access the 192.168.11.1 Web Gui with the changes you've shared https://forum.netgate.com/topic/197766/how-to-connect-to-xgs-pon-controller/15?_=1751026822174 This access ( NAT OutBound ) to 192.168.11.1 Web Gui succeeded after i did a Power On Reset to the Netgate 4100 after making the NAT Outbound changes. It hence seems that NAT changes did not take effect after I "Save" and "Apply Changes" and only became effective after I did a Power On Reset. Also another point to note was this Web Access to 192.168.11.1. was successful when my WAN is on DHCP and without a Vlan assignment. I may have to open another thread for assistance as I need to access 192.168.11.1 with WAN on DHCP and with a VLAN for the WAN. Thanks to you, at least I have a window into the WAS-110 albeit when the WAN is not configured with a VLAN. On your temperature for the WAS-110 its 50/48/46 Celsius with ambient temperature at 30 degrees Celsius and with a cooling fan in place. Have a a good one.
  • Port forwarding to non-LAN subnet

    2
    0 Votes
    2 Posts
    126 Views
    V
    @thomaspsimon I guess, you're using a policy-based IPSec tunnel. If so this is not going to work, unless you route the whole upstream traffic from the branch over the VPN, which might not be desirable. It would be doable with any other VPN solution, however, which gives you real routing capability.
  • pfSense IPSec + Manual Outbound NAT - No Traffic via VIP

    3
    0 Votes
    3 Posts
    171 Views
    E
    Big thanks @viragomann Your BINAT insight was the missing puzzle piece, tunnel’s up, traffic’s flowing, and packets are happy. Much appreciated!
  • New port forwards not working

    9
    0 Votes
    9 Posts
    298 Views
    F
    @enthu19 thank you so much, that worked! I learnt something new :) Thank you again enthu19!!!
  • ZTE ZXHN F6600P as bridge

    1
    0 Votes
    1 Posts
    243 Views
    No one has replied
  • Multiple outgoing IP, NAT/Routing not 100% working

    1
    0 Votes
    1 Posts
    70 Views
    No one has replied
  • [Tutorial] How to Secure and Implement Internal IPv6 NAT66/NPt

    1
    1 Votes
    1 Posts
    143 Views
    No one has replied
  • [Tutorial] How to Secure and Imeplement Internal IPv6 NAT66/NPt

    2
    0 Votes
    2 Posts
    132 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.