• Allow Access to Internal Netscaler

    5
    0 Votes
    5 Posts
    1k Views
    S

    @KOM:

    A port forward.  Post your NAT and sanitized WAN rules if you're having problems.

    Thanks again KOM. Took a bit of trial and error, but I got the Virtual IP created for the public IP, created the Port Forward NAT, and WAN Firewall rule. I also had to modify the default 0.0.0.0 route on the netscaler to point to the pfSense FW instead of TMG. I was able to test from my Azure Windows 10 client and Citrix XEN services all worked like a charm!

    -SK

  • NAT 1:1 not working on some but does on others

    4
    0 Votes
    4 Posts
    1k Views
    DerelictD

    Then you probably have some other rule performing that NAT to 10.10.100.11 instead.

    Post screenshots of your port forwards, your 1:1s, and your rules.

    Or:

    Diagnostics > Command Prompt

    cat /tmp/rules.debug

    Send that output to me in a PM.

  • NAT from Multiple Source Addresses to One Destination Address

    2
    0 Votes
    2 Posts
    4k Views
    B

    I ran into this same issue after upgrading from 2.1 to 2.3.2 as well. Here's how I resolved it (I used the information from your example);

    (NOTE: Replace "pfsense.local" in the links below with the IP Address of your pfSense Installation.)

    First, you want to create a Firewall IP Alias (https://pfsense.local/firewall_aliases_edit.php?tab=ip) with the Source IP's you want to allow access from.

    Next you want to create your Firewall NAT Port Forward (https://pfsense.local/firewall_nat_edit.php) using the "Single host or alias" option for the Source, and then input the name of the Alias you previously created (pfSense will show you what it has saved once you start typing the name).

    NOTE: You will want to delete any Firewall NAT Port Forwards that are currently using the same Port and Destination IP's you are going to use.

    Continue to setup the Firewall NAT Port Forward as normal.

    Done.  8)

    Keyword Search Information:
    pfSense NAT "the destination port range overlaps with an existing entry"
    pfSense NAT multiple source addresses to single destination port
    pfSense NAT multiple source IP to single host

    pfSense_-_Firewall__NAT__Port_Forward__Edit.png_thumb
    pfSense_-_Firewall__NAT__Port_Forward__Edit.png
    pfSense_-_Firewall__Aliases__Edit.png_thumb
    pfSense_-_Firewall__Aliases__Edit.png

  • Multiple-to-many-NAT: how many external IPs?

    9
    0 Votes
    9 Posts
    2k Views
    DerelictD

    When you are dealing with overload NAPT you need to have enough IP addresses so you can handle every WAN_IP:PORT+DEST_IP:PORT combination. That increases the number of states a particular WAN_IP can serve dramatically beyond 65535.

  • Virtual IP with manual Outbound NAT = No internet

    13
    0 Votes
    13 Posts
    3k Views
    A

    Thanks for the tip! I was trying to find an easy way to verify that my virtual IP was actually working. It's not.
    I will call my ISP and see if they can help me out.

    Thank you both for your time.

  • 1:1 NAT Issue

    16
    0 Votes
    16 Posts
    3k Views
    johnpozJ

    "I wish I had a dollar for every person who thought they found a bug in pfSense but it was really a misconfiguration."

    hehe - if that could only go to help fund pfsense ;)

  • Hosting WebServer Intermittent Communication Issues

    2
    0 Votes
    2 Posts
    580 Views
    V

    Do you have additional packets installed like Snort, Suricata or pfBlockerNG?
    If so, deactivate it for troubleshooting.

  • NAT/Firewall for hosting public-facing DNS server

    1
    0 Votes
    1 Posts
    586 Views
    No one has replied
  • Nat issue email server? (SOLVED)

    3
    0 Votes
    3 Posts
    677 Views
    K

    lolz.. i feel like a f***cking idiot..im sorry i had dyslexia i messed up on the NAT i put 192.168.1.6  instead of 192.168.1.210..

    Thank you again..

  • Testing Cisco Router

    4
    0 Votes
    4 Posts
    869 Views
    dotdashD

    Correct. You should be fine if the IP for the Cisco is not used on the pfSense box.

  • In desperate need of this or ill have to say bye bye to my Job please help

    10
    0 Votes
    10 Posts
    2k Views
    M

    thanks guys i set up vpn its better all is well you guys saved my Job im in yout debt

  • NAT configuration

    2
    0 Votes
    2 Posts
    999 Views
    KOMK

    1. How to configure NAT

    https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

    2. How to access forwarded port: 172.10.10.11:2222 or 172.10.10.10:2222

    Via your WAN IP:2222

  • 2.3.2 Outbound NAT - Possible Bug?

    3
    0 Votes
    3 Posts
    673 Views
    T

    Thanks, will try another browser.

    EDIT: Same issue in Opera and Chrome, but worked in Firefox, thanks.

  • Whitelisting NAT port forward breaks redirection

    1
    0 Votes
    1 Posts
    483 Views
    No one has replied
  • Weird problem, the wrong website gets served randomly

    3
    0 Votes
    3 Posts
    2k Views
    KOMK

    Is this happening to anyone else?

    Not that I am aware of.

    any ideas?

    You've given us nothing in the way of details.  I'm not even clear if you're talking about people incoming getting the wrong server from your network, or your LAN clients going to some external website and getting something else.  List the packages you're using.  Explain exactly what's happening and not just a vague, abstracted description.

  • How to port forward mssql in pfsense

    4
    0 Votes
    4 Posts
    3k Views
    jimpJ

    If someone remote must access the SQL server, make them use a VPN to do it.

    Never expose any database directly to the world.

  • L2TP with NAT ?

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    You have setup NAT for everything you need, but L2TP+IPsec is known to have problem in general (not related to pfSense) when the server is behind NAT.

    Use something more modern and less problematic, such as IKEv2, or if you need the server to be Windows, SSTP might be able to work as well, though it can also have NAT issues.

  • H323 FreeBSD PFsense 2.2.2 its WORK!

    5
    0 Votes
    5 Posts
    3k Views
    M

    Hello my friend I'm Sorry if I'm Bothering you , but I'm new with the GnuGk and with Pfsense thats why I'm  facing  problems in order to make the call establishment between two end devices one is behind LAN network and the other behind the WAN  network.

    Sorry maybe I didn't understand what is your network and how you did configured it , did you register your device  with your GnuGk installed in the pfsense or you Register it in another place, I believe that to establish a call between 2 end devices they must be registered with the same Gatekeeper so that the Gatekeeper will route make the call establishment between the 2 users since it will know the IP and ext. number  for both end devices.

    Actually I have some questions beyond your suggested solution and I found that  your solution does make sense , so I need your help and I need to benefit from your experience if there is no problem :)

    1-where did you Register your devices , if you have 2 devices one behind the firewall and the other is outside your network and they want to call each other , do they need to be registered with the GnuGk ?

    2-what is the benefit of installing GnuGk in the pfsense

    3-Can you show me your GnuGk configuration file because I think I missing something

    4- You said in your report that If someone phoned from an external device to your device, dialing must be: your IP##ext number such as 8.8.8.8##5693 where I should configure this option so that I can Dial using this syntax.

    Thank you for your appreciative efforts :)

  • Send traffic to one of several LAN IPs based on a pattern in a URL?

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • NAT and VPN - "masquerade" as another subnet via VPN?

    3
    0 Votes
    3 Posts
    965 Views
    K

    Ohh, of course, it would be in connection with the tunnel rather than NAT.  :-[ Thanks! Appreciate it. :D

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.