• Hosting Website - DNS Rebinding Attack

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    C
    http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F
  • [Subnet ABC -> Static IP#1, Subnet D -> Static IP#2] -> WAN

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    B
    I know why it didn't work. The DNS server would be the pfSense box, and the pfSense box is configured to use OpenDNS – which by default nature is through the WAN port, hence why when setting filtering options on StaticIP#1 on OpenDNS' website would "apply" to StaticIP#2 machines as well. DNS queries (and DNS filtering) would be performed through WAN rather than being split and queried from the same interface (OPT1) as the NAT-Outbound assigned static IP. I think the only two solutions (which one of them really isn't as it does not exist as a feature in pfSense) would be (1) vLAN setup via managed switch (we have an HP ProCurve 4000) or (2) configure pfSense so that DNS queries from the subnet that is set to go through OPT1/StaticIP#2 to also make DNS queries to OpenDNS through the same interface rather than through WAN. EDIT: I think there needs to be an option under Virtual IPs or better so under NAT->Outbound for entries to manually specify DNS servers that said subnet(s)/IP would use (or if it should make DNS queries through selected interface as well).
  • 1:1 NAT with multiple gateways to a single (LAN) host

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Destination Nat

    Locked
    8
    0 Votes
    8 Posts
    8k Views
    C
    The ICMP redirect indicates some wrong or weird routing config. The ICMP unreachable is either the same, or that you're rejecting the traffic with firewall rules.
  • Local redirect problem

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    Z
    Well I discovered an interesting way of fixing this that works better than split DNS (because there are ports forwarded to different machines). I actually discovered this by accident too lol. A DMZ is set up for the pfsense machine and port forwarding from external connections has worked fine from the beginning. My brother didn't think so though as he couldn't connect to his stuff when he tested it, but he was doing it internally using the public IP, thus the redirect problem broke his connection even though it works fine externally. He ended up forwarding the ports he needed on the actiontech and pointed them to pfsense's WAN IP thinking that ports weren't actually being forwarded (which they were externally, but not on redirect). This ended up redirecting internal connections using the public IP correctly. So I thought hmm, and decided to put in a rule that forwarded all ports to pfsense WAN IP (as shown in the attachment). Surprise, surprise, I no longer have to rely on split DNS for internal redirects! [image: redirect.jpg]
  • NAT for syslog connection initiated by pfsense itself

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • MIRC DCC Sends - Unable to DCC Send

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    L
    Hi jimp I managed to find the issue. Problem lay with the mIRC client with this feature called "Passive DCC". It MUST be disabled in order for the NAT to work properly. Thanks for the assist and hope this thread helps others.
  • Router bridge mode->pfsense vmware pppoe port forward problem

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    jimp
    Just update to a current snapshot and you should be OK.
  • Pftpx nat 1:1 carrp dmz filezilla

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    S
    TCP * * 10.10.238.164 21 (FTP) *   NAT
    TCP * * X.X.9.164 21 (FTP) *   NAT
    TCP * * 10.10.238.164 50000 - 51000 *   NAT
    thanks psylo
  • Unable to register with SIP phone on asterisk server through pfSense

    Locked
    1
    0 Votes
    1 Posts
    5k Views
    No one has replied
  • Need Help to Configure NAT in pfSense 2.0

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Portforwarding possible in my setup

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    Cry Havok
    If you're re-writing the source address, on your LAN server, then you could get it to work - and that may be what you're doing. Just port forwarding however won't work.
  • Setting up DMZ help!

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    Cry Havok
    You need to use different subnets (IP ranges) on the WAN and DMZ, or you need to bridge the WAN and DMZ. I assume that you've already tried configuring UPnP?
  • ESP Packages drops silently…

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    S
    Btw. I am using PFSense 2.0RC1
  • H.323 NAT weirdness

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    I
    Fitopy, what type of H323 gatekeeper/SIP registrar is the TANDBERG device registered to? What specific type of TANDBERG system is this, and what software is it running on? Andreas
  • 4 Wanip in same network

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    C
    It works fine, just have to create the appropriate outbound NAT. Post a screenshot of your outbound NAT rules.
  • Port forward multiple external ips works with 2 not the 3rd

    Locked
    9
    0 Votes
    9 Posts
    5k Views
    D
    I currently have a video tutorial uploading to YouTube as we speak, I hope this can help some people.
  • Server publishing (ISA/TMG equivalent) via Destination & Source NAT

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • Bridge Mode

    Locked
    14
    0 Votes
    14 Posts
    5k Views
    C
    You probably need rules for whatever port is needed on your server, for example 80, 443, 22, 25, etc… I think on pfsense 2 I had to put the rules within the Floating rules tab. Not sure if 1.2.3 has this. I couldn't get it running on my older test system.
  • NAT when pfsense is not border router

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    T
    Hi, You can set DMZ from zyxel to 192.168.10.3 "pfsense" and port forward to server. :)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.