Tricky. Traffic shouldn't really be traversing the firewall at all if I'm following you. (Both source and destination are on the LAN)
Crazy idea- maybe put a VIP on the WAN for 192.168.10.6, forward all needed ports to 192.168.128.13, enable NAT reflection- proxy+NAT for all NAT rules.

Hello!

Your pfSense will direct the traffic to Spootify networks over VPN if it is established which will not work. You should route this traffic over your WAN gateway.

To do so set an alias for the Spootify networks and set up a pass rule for LAN interface with this alias as destination, go down to advanced settings, click Gateway and choose your WAN gateway to be used by this rule.

We need more details.  Give us a network map, post your NAT statements and rephrase how the app communicates between the servers (include the IP's).

Are you seeing any blocks in the logs?

I'm not sure if this is the most efficient way of setting it up. On my multi WAN setup, I create the failover groups described in the documentation.  For NAT, I created each rule twice.  One with destination of the first WAN interface and then again for the other.  Leave them all active.  You will need to configure the monitor for each interface that works best with your connections.  Make sure you change any outbound rules to use the gateway group you setup for failover, especially your default rule.  When one interface goes down, all traffic will go out the other interface.  Using Dynamic DNS will cause some downtime until the new IP is propagated.  But once DNS is updated with the current IP, all inbound NAT will work automatically.

Yes - But you are now having a pure asterisk problem and not a pfsense problem.

When it does that, type in "whats my ip" in a web browser to find which of those is correct, pfsense or asterisk.

Then let me know.

@johnpoz:

ISA is a proxy..  Using NAT is not the same thing as a proxy..  You could install one of the packages that allows for reverse proxy - one of those might have the setting your ISA did.

The squid3 reverse proxy seems to rewrite the source address like ISA so that might be the solution. I will look into that.
But it seems to only apply to http-trafic. If I wanted to use port 22 for SSH it might not help?

Why don't you just put both wan connections on the pfsense box as how to solve this?

Or have the webserver use psfsense as its default gateway if that is where the traffic comes in.  If you go out the other router you have a asynchronous routing issue.

Having pfSense handle all WAN addresses is my end goal and will probably solve my problems. For the time being however I am stuck with the current multi-WAN.
(we have 10 VOIP phones that connect directly to an external VOIP provider. This works fine with our old and simple WRT54G router but fails with more modern routers. It makes me very hesitant to switch them to pfSense. I have yet to try the siproxd package)

Am I correct that the 'reply-to' feature of the firewall only applies to the multi-WAN where pfSense handles all addresses?

Adding a new subnet for SQUID/NAT is not working either… I'm stuck... :-[

NAT is not enabled between LAN interfaces in automatic mode - did you change to manual and create some NAT rule?  Did you put a gateway on one of your LAN interfaces – doing so would make pfsense think its a WAN interface and create nat rules for it, etc.

There should never be a gateway on a LAN interface!!  You have to go out of your why to even do it ;)

Out of the box you can have as many lan interfaces as you want, vlans, physical whatever and there is NO nat done between them -- only to the wan interface is nat done out of the box.

No problem - Glad it was an easy fix for you.

Philander, glad you have it working. I doubt the 8700-8766 & 5000-5084 rules are doing anything.

I ended up using a different brand firewall which works with my setup, not ideal but my old firewall was failing.

Post images of your current firewall and NAT rules.  Don't change anything.

i see. that simplifies it. thanks for the reply and help

Solved its create correct
My fault

True…. :P
Now ping working, but openvpn no... i change setting of ovpn client to connect to the public IP.
But the client not see it.

here my config for openvpn:

dev tun persist-tun persist-key cipher AES-128-CBC auth SHA1 tls-client client resolv-retry infinite remote 196.XXX.110.105 1194 udp lport 0 verify-x509-name "XXXXXX" name auth-user-pass pkcs12 pfsense-udp-1194-aziz.p12 tls-auth pfsense-udp-1194-aziz-tls.key 1 ns-cert-type serv

FWrules2.jpg
FWrules2.jpg_thumb