You can enable NAT reflection in "System: Advanced: Firewall and NAT" or also per rule.
There is no need to recreate rules. The rules added by NAT reflection are invisible.
And does pfSense have a public IP on its WAN or private? If you're behind a double NAT it's going to be difficult to forward ports inbound to your PS4 or even have UPnP do it for you.
I just installed my pfSense box and I am trying to set up port forwarding, but perhaps missed a step in my configuration.
The IP address on my external port is .85 and if I set up a route in Port Forwarding that goes to .85 then it comes through fine. I, however, want to set a port forward on .84 and when I follow the same pattern in Port Forwarding everything works. However, I am not able to get to RDP through .84. What additional configuration do I need to do so that .84 is reachable through pfSense?
I can't tell if ".85" and ".84" are public or private IPs. You need to post more information on your setup and what you are trying to achieve.
Has anyone managed to get chained NAT to work in pfSense? I'm looking to do something similar to proxy chaining, where the setup would be something like
WAN --> pfsense wan ip --> pfsense wanip2 --> host on wan2
where I would type in pfsense wan ip:8000 and it would NAT to wanip2 8000,
at which point the system would then NAT wanip2 8000 to the host on wan2 port 80.
I have the system set up to the point where I am able to type in wanip2 8000 and get the web port of the host on wan2.
I also have the NAT set up for wan1 port 8000 to wanip2 8000 but can't get it to work from the wan1 side.
I have tested the forward from wan1 port 8000 to a LAN host and it works, so it may be a setting I'm missing to facilitate the chaining of WAN rules.
Not sure about your question. Can you draw your network topology?
If there is NAT after NAT after NAT going on and you want to forward a port for an application at the last NAT translation, assign the host a static IP and do it straight throughout the chain.
Oh you mean the clicking random shit like nat reflection use 1:1 didn't fix it ;) heheheh But going down your setup and checking it point by point to find out where you made a mistake.. That worked – who would have thunk it ROFL
For anyone wondering, what I ended up doing was setting up DNS entries for the different servers.
Externally, they all point to the same IP, internally, to the different servers.
As I get my hands on the devices with the old config, I'll update them accordingly.
Since it's all going off a single IP, the external devices which I can't update would work just as well with domain.com as with server01.domain.com when it comes to the port forward externally.
This isn't a pfSense issue, so much as a basic NAT error. Firewall rules apply from the top down, so your NAT rule will only work with the first entry the ruleset encounters. You're trying to port-forward using two different ports mapped to the same internal port, so the first one in the ruleset will apply.
I believe you might be able to get around this by binding a second IP to the WAN NIC and setting your port map to that NIC, though I haven't personally tested this. What would probably be more likely to work would be introducing a second WAN NIC and setting the port map to that and the other port forward to the former NIC. Though from the sound of it, the more elegant solution would probably be the suggestion you made concerning a customised dialplan.