• H.323 Video Conference Codec behind PFSense *Guide / Explanation*

    Pinned Locked
    3
    0 Votes
    3 Posts
    28k Views
    D
    Long story short, to use H.323 behind a pfsense firewall, one needs to enable static-port NAT. Unfortunately neither H.323 nor SIP were designed with NAT in mind, in which case one needs either an ALG (which btw is part of Linux's netfilter since many years, but apparently missing from baseline pf/FreeBSD) or a NAT device that won't rewrite ports (a solution that will work if you only have one such device). Edit: Note that SIP software has been improved in recent years, and most recent implementations can work through NAT without a need for ALG or static ports, but it's still something one has to keep in mind when troubleshooting SIP issues.
  • Port Forward Troubleshooting

    Pinned Locked
    1
    3 Votes
    1 Posts
    32k Views
    No one has replied
  • NAT to different interface than WAN

    10
    0 Votes
    10 Posts
    408 Views
    V
    @Pagi So I guss, the NAT address changed to the WAN address. Set it to LAN3 address and it should do, what you want.
  • [Tutorial] How to Secure and Implement Internal IPv6 NAT66/NPt

    4
    2 Votes
    4 Posts
    4k Views
    M
    UPDATE: I now recommend absolutely to avoid ULAs (fd:: and fc:: due to RFC 6724) it seems that those specific subnets will usually prioritise IPv4 traffic and other oddities so you can absolutely use them for special use cases but for a LAN or a dual stack setup I recommend the other f000::/4 subnets which work because they're not official ULAs (so I guess I want them to be that way now).
  • Issue with local Ubuntu VPN behind PFsense

    13
    0 Votes
    13 Posts
    2k Views
    GertjanG
    @alexanderjh said in Issue with local Ubuntu VPN behind PFsense: this is really tricky with UDP. The thing is, I use the pfSense Openvn server, that uses the default UDP and default 1194 port. I don't know anything about "IPSEC" and "strongwan". What protocol number it is, if it uses ports, etc Keep mind that your issue isn't pfSense related right now. Here : proof : [image: 1758006997553-20acf017-6cdd-4194-925f-e19a72353f95-image.png] your VPN traffic never even reaches the pfSense WAN port. It can't redirect what it didn't receive ^^ That said (example) : if IPSEC is using IPv4 and UDP, and port '45000' as a destination. Your rules do work fine for traffic with destination port 80 and 443, TCP, IPv4 - the web server traffic.
  • AI Copilot get a tip! Is it a safe and good practise?

    6
    0 Votes
    6 Posts
    2k Views
    A
    @jimp Ok , thanks)))
  • FreePBX & pfsense

    4
    0 Votes
    4 Posts
    4k Views
    S
    @netblues Can you Post you Setup?
  • 0 Votes
    9 Posts
    3k Views
    johnpozJ
    @sho1sho1sho1 nothing in the resolver would or could do that.. You running pfblocker? Show the rule in your ruleset. There is this feed in pfblocker [image: 1755628936429-pfblocker.jpg] That sure doesn't even look like a NS ;; QUESTION SECTION: ;4.64.4.64.in-addr.arpa. IN PTR ;; ANSWER SECTION: 4.64.4.64.in-addr.arpa. 28800 IN PTR wnpgmb0273w-dr09-v924.mts.net. And it doesn't even answer dns, atleast not from me. That is a bell canada IP.. Is that who you use for ISP?
  • Setup UPnP->few quick questions? (solved)

    solved
    9
    1 Votes
    9 Posts
    3k Views
    4
    @johnpoz -Yep-that worked just fine Jonpoz. TYVM.
  • 2.8.0 NAT64 and Policy Routing

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Cannot disable NAT on PFSense 2.7.2 CE

    nat cannot disable
    4
    0 Votes
    4 Posts
    3k Views
    patient0P
    @BlueSun ok, I'm generally out of my depth in regards to BGP. All I can say if you set a gateway in the interface settings (see screenshot) then pfSense creates NAT rules automatically, if outbound NAT is set to automatic or hybrid. [image: 1755188790365-screenshot-2025-08-14-at-18.25.56.png] But since you have disable outbound NAT I can't see your traffic being NAT-ted at all. Are you using the FRR packages and if yes did you have a look at pfSense Docu: BGP Example Configuraton for a start?
  • Why is there an automatic Outbound NAT for ::1/128

    4
    0 Votes
    4 Posts
    3k Views
    johnpozJ
    @IonutIT localhost is always going to be up to bind to.. but possible that my wan or say a vpn interface is not up when unbound restarts. If interface is not up can not bind to it.. So helps to make sure unbound starts and binds on interface to use to do outgoing queries.
  • Setting up Port Forwarding for Minecraft Server on pfSense

    9
    0 Votes
    9 Posts
    12k Views
    P
    Thanks for sharing the configuration details! I encountered a similar situation when opening ports for Minecraft on pfSense. In addition to the steps you did, you can try checking: Firewall Rule: Make sure the rules for WAN are applied correctly. NAT Reflection: Sometimes enabling NAT Reflection can help in internal testing. Check ISP: Some carriers block port 25565, you may need to change the port to test. pfSense Log: Check the log to determine if the request has reached the router. Does anyone in the community have any tips to help make the configuration more stable?
  • Port forwarding not working localy when i enable load balancing

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Can't access port-forwarded/natted services from another local network

    5
    0 Votes
    5 Posts
    3k Views
    K
    @johnpoz I see, thanks for explaining and the help!
  • NAT broken after Reboot

    14
    0 Votes
    14 Posts
    4k Views
    P
    @iggybuddy6 I'm just happy I could help. Today I went from thinking I knew everything about setting up wg on pfSense, to realising I did not, and that is a great reward in itself! Hopefully your setup will remain stable going forward.
  • Odd outgoing issues behind pfsense router

    8
    0 Votes
    8 Posts
    4k Views
    V
    @ahole4sure Maybe the routing table brings dissociation. However, I'm not familiar with Tailscale. Don't know, what it does.
  • pfSense 2.8.0 - Routing stops intermittently after update from 2.7.2

    4
    0 Votes
    4 Posts
    3k Views
    A
    @Gertjan said in pfSense 2.8.0 - Routing stops intermittently after update from 2.7.2: [...]matches your usage case ? You have Static routes, multiple sub nets ? Yes, the remote location has its own subnet and connects via a static route to the network in the main office. The default route of the remote location is set to the router that provides internet access in the remote location.
  • 0 Votes
    1 Posts
    2k Views
    No one has replied
  • 0 Votes
    6 Posts
    3k Views
    johnpozJ
    @carrzkiss why is that? HA proxy can listen can send stuff based on the uri to different machines. something.domainX.tld goes to your IIS IP otherthing.domainX.tld goes to your linux box. etc..
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.