• 0 Votes
    4 Posts
    495 Views
    johnpozJ

    @Ghost-0 if you want to remove the auto nat rules, you would have to go to manual mode.

  • NAT reflection, what am I missing

    5
    0 Votes
    5 Posts
    565 Views
    M

    @SteveITS I should have double checked that the server was listening on the default port.

    Sorry for making the post as there was nothing wrong with how pfSense was working. I just had to change the port forwarding to the port the server was listening on and it all started working.

  • Monitor NAT rules

    11
    0 Votes
    11 Posts
    2k Views
    GertjanG

    @Shan-lapierre said in Monitor NAT rules:

    And in fact my NAT rule was created with "Pass" flag and pf didn't create any fw rule.

    I'm still looking for a usage of that "Pass" case ^^

    Normally, a NAT rule translates traffic coming (initiated) somewhere on 'the WAN' (the Internet) and the address (WAN IP) (and port) has to be mapped == translated (and port) to a LAN address, so it can reach this device.
    This needs of course a WAN 'firewall' rule, as by default nothing can enter the WAN - everything is blocked by default.
    A NAT rule without an accompanying firewall rule .... won't work, as traffic will never reach the NAT rule, as traffic can not enter into the WAN interface.

    I'm not saying other types of NAT exist, they do.

    From what I've read:

    receive traffic to my firewall on a specific port from a specific public IP.

    Everything is working (so the external traffic reaches me on an endpoint inside my network that is listening on that specific port).

    you use the classic method, and you need an auto-generated firewall rule on the WAN interface.

  • Port Forward Add Unassociated Filter Rule Not Working?

    2
    0 Votes
    2 Posts
    338 Views
    Bob.DigB

    @tman222 said in Port Forward Add Unassociated Filter Rule Not Working?:

    Add unassociated filter rule

    I can confirm this behavior. An Unassociated Filter Rule is probably not selected often though.

  • NAT Reflection Rules or Split DNS for locally-hosted ARK Server?

    1
    0 Votes
    1 Posts
    350 Views
    No one has replied
  • Outbound NAT (hybrid) not working

    6
    0 Votes
    6 Posts
    1k Views
    johnpozJ

    @jrodrigomor said in Outbound NAT (hybrid) not working:

    Could you detail what the rule would look like or maybe even show me a print of this configuration?

    Here is an example, I have an outbound nat that says if you go out my ns1vpn, to nat to that address.. A rule that would force traffic out that gateway is placed on the interface where you have traffic you want to route out that gateway.

    policyroute.jpg

    You assign the specific gateway to a rule via the advanced when you set up the rule, notice the little gear next to the rule, that shows that an advanced setting was done on the rule.

  • Problems with RDP access using dual WAN

    1
    0 Votes
    1 Posts
    206 Views
    No one has replied
  • Inbound NAT redirect question

    2
    0 Votes
    2 Posts
    238 Views
    J

    OK, solved it myself: WAN interface rule needed to specify IP&port of internal (NATted) host. Changed that. Traffic passes.

    Thanks!

  • Internal port redirect

    10
    0 Votes
    10 Posts
    851 Views
    johnpozJ

    @Scarecrow4798 said in Internal port redirect:

    Would the best way of doing it then be to move dashy to another interface? VLAN?

    Sure if this dashy was on a different network that route through pfsense, you could redirect the traffic to a different port.

    Seems like of trouble, that could be solved with a simple :port on your bookmark ;)

  • Cannot PF/NAT to save my life...

    32
    0 Votes
    32 Posts
    4k Views
    G

    @Elmojo said in Cannot PF/NAT to save my life...:

    @johnpoz Okay, I'll have to dig into the docs a little and see where I need to go from here.
    I'm happy with using Cloudflare, if it's built into pfsense. I only had a duckdns account because it was referenced in a tutorial I was following for another service a while back.

    Thanks again for all your help. Hopefully I can take it from here, but I can't swear I won't have another couple Qs as I get all this untangled. :)

    Duckdns have good support info on their page.

    Go to their install page https://www.duckdns.org/install.jsp
    Select pfsense and then in the drop down select which one of your domains you want to use.

    The page will then update to provide you with a URL looking like this:
    https://www.duckdns.org/update?domains=[DOMAIN]&token=[TOKEN]&ip=%IP%
    Where DOMAIN and TOKEN are generated from your account.

    In pfsense > services > Dynamic DNS, create a client and set the Service type to Custom.
    Select your interface to monitor and send update from (WAN typically).

    Then all you do is paste the URL you got from duckdns into the Update URL field.
    Type OK in the Result Match field, add a description if you like and click save.

  • Pfsense nat and certificate let'sencrypt

    4
    0 Votes
    4 Posts
    593 Views
    V

    @frankz
    For a quick start this Lawrence video may help: https://www.youtube.com/watch?v=gVOEdt-BHDY

    It should cover all you need for the above aims.

  • Upgraded Appliance, VOIP Audio broke

    2
    0 Votes
    2 Posts
    327 Views
    D

    For what it's worth. By setting my outbound rules up manually and having them use static ports, the issue seems to be resolved.

    Why the old appliance did not need this, and the new one does, I do not know. But hey, it works now!

  • SITE-TO-SITE VPN PFSENSE X CISCO, NAT ERROR

    1
    0 Votes
    1 Posts
    220 Views
    No one has replied
  • 0 Votes
    10 Posts
    1k Views
    provelsP

    Might want to look at incorporating DoH blocklists into your Pi.

    https://www.reddit.com/r/pihole/comments/lhkwta/doh_url_blocklist/?rdt=59763

  • one big WAN multiple pfSense cannot see each other on WAN

    9
    0 Votes
    9 Posts
    640 Views
    U

    @viragomann It was resolved by itself. There was an issue on the ISP-side where I get the IPs from.

  • Block SSH(22) From Wan But Allow from LAN

    5
    0 Votes
    5 Posts
    501 Views
    S

    @mathais hmm whatever I was looking at mentioned 2.7.1. I guess I posted on the wrong thread?

    Well, if you’re testing from somewhere on the Internet, and not LAN, show us your WAN rules.

  • ISP <> Fritz <> pfSense <> PS5 = NAT foo

    2
    0 Votes
    2 Posts
    380 Views
    G

    @bdk-brhl Perhaps more "gamers" over at the gaming section, but it may help if you could provide more information about your setup. Have you tried setting up UPnP for the PS5?
    How is the Fritzbox set up? Double NAT or bridge mode, if that is possible?

  • Pfsense isn't pass Internet

    2
    0 Votes
    2 Posts
    284 Views
    M

    @Mister_X-0 said in Pfsense isn't pass Internet:

    I installed pfsense and ubuntu-desktop on virtual box. Now I am using from Kali-linux. After I created host adapter in vm, and connect pfsense and ubuntu to it. But ubuntu internet connection doesn't work, how can I solve this problem, I am gonna use ubuntu internet by pfsense!

    Screenshot from 2024-02-24 13-22-39.png

  • Internal NAT with Nest Wifi

    7
    0 Votes
    7 Posts
    1k Views
    G

    @GoettaGrip Great that you managed to resolve it... And yes I would expect that you should be able to make things work now by using the Nest devices as dumb AP's using the LAN ports. VLAN on wifi may be nice to have but it's not a necessity.
    One way of separating things over wifi could be to set one of the Nest devices to 2.4GHz only and place that on a separate VLAN only for your IoT devices. Then the other two can run 5GHz only, on a different VLAN. Using different passwords will safeguard against any users accidentally connecting to the wrong one.

    And as long as the switches are VLAN capable this would keep 2.4 and 5 GHz separate from each other.

  • Conflict between VoIP and online gaming

    3
    0 Votes
    3 Posts
    549 Views
    snitemS

    @viragomann Thanks, I adjusted the source address and mask to match my VoIP setup and now everything works!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.