Check:

https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

https://doc.pfsense.org/index.php/1:1_NAT

Can anybody plz help me out.. :(

Probably one of the things in this list:

https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

Check: https://doc.pfsense.org/index.php/Connectivity_Troubleshooting

The first DNS settings look to the firewall. The next is Google DNS and then VerSign. To my knowledge I have not had any other issues.

Not sure why you would want to do that to be honest - not getting what that buys you at all..  But sure go to outbound nats and change to hybrid or manual mode and create the nats you want.

To be honest I think I have gone over this sort of thing before when user needed to source nat from their openvpn connection, etc.

I am on the road for work, and be much easier to put together pictures and how to do it between my multiple segments when I get home - if you can wait til say tmrw morning when I should have some time to do this I can put an example of natting between local segments.  But I still don't see the point??  What aspect of natting are you trying to simulate to the internet?  To test what exactly?

"it from wlan and going on a port testing site "

So your going to a port testing site from your phone??  That wouldn't work - it would be testing your phones IP for those ports ;)

So your wan rules show some hits on 21 and 27015..  But no current states - so something hit those rules.. Which could mean where your forwarding is not listening, or firewalled or not even the correct IP.. Or pfsense can not talk to it, etc.

Go through the port troubleshooting doc..  All the info needed to figure out what your doing wrong is in there.. It really takes all of couple of minutes to find the problem.  Either the traffic is not even getting to pfsense, or the client is not listening or has its own firewall, not using pfsense as its gateway - or your sending to the wrong IP, etc.

@johnpoz:

I still say is PEBKAC

You should turn your chair over to someone else who can alleviate that problem.

@johnpoz:

…we have yet to get any actual details of why there is such a transition..

The OP did explain that.

@johnpoz:

I really don't understand this use case.

Then stop making personal insults regarding something you don't understand.

@johnpoz:

As you can see from my test the instant I transition it uses the dns query it makes on that network.

No I cannot see that from your test.  The only test results you have presented was invalid.  As I pointed out earlier.

Same here. No need to set diffrent ports for each computer either, the app seems to be using random external port to the same 4242 local so that cool too.

Well you gave me and idea, I did have these 2 rules, both have been in place a while:

deny 0 10.0.1.0/22 1-65535 (Preventing any device from taking ALL external ports, including overriding other port forwards)
deny 3074 10.0.1.0/22 3074 (there is a reason and xbox never had a problem before)

I deleted both, of course UPNP restarted (which I had done before a few times manually).

Then on the Windows 10 system restarted iphlpsvc (IP Helper) which is responsible for teredo and UPNP for it, and it registered its port fine, re added the rules restarted the service again, and again it registered it fine.

Tested it a few times with and without the rules, seems to work either way now.

No idea why that worked but it did. Thanks for the idea.

Ill keep and eye and report if it stops working again.

either way if that is a /24 routed to you - why are you natting it?  Just put it behind…  The only reason to do what your doing is its not actually routed to you via a transit - but your just handing off their connection.  Which is pretty shitty way to do it..

i think better test first the public ip address its route you wthiout pfsense.on laptop set public ip address and test it.

You need to port forward not just setup a rule.  The port forward will automatically setup the firewall rule automatically unless you tell it not to.

Also Teamspeak uses the following inbound ports:

Default voice port (UDP in): 9987
Default file transfer port (TCP in): 30033
Default serverquery port (TCP in): 10011
Default tsdns port (TCP in): 41144

Why do you need to call the ISP to see if they are blocking.. A 2 second test of packet capture on wan - and then going to something like can you see me . org tells you right away if 80 is allowed inbound to your IP..

You can call your ISP all you want, but until you do this simple test your not going to have proof one way or the other..

You have to use a /32 on the CIDR mask to limit the match to a single address. Like so:

192.168.1.4/24 is the same as 192.168.1.0/24 for all intents and purposes.