• Manual Outbound - OK, Inbound not so OK

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    D

    Lead me up and let me down, thanks! :)

    Anyone else got any ideas?

  • WebServer behind PFSense

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    R

    @Metu69salemi:

    I don't use NAT reflection myself, so it's an unknown field (I'm using split DNS).

    Can you provide a screenshot of your port forward rules?

    Here it is, Sir

    Clipboard24.jpg

  • Simple Operation, or so I thought…

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    I

    I finally found out what the issue was. We were having some IP address conflicts and so the port request wasn't even reaching the firewall.

  • Auto Outbound Nat with VIP?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    jimpJ

    If you want to change anything at all with outbound NAT, you must use Manual Outbound NAT. There is no way to change any settings like that otherwise.

  • Virtual IP (Proxy IP) associating to wrong interface

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    When you created the NAT rules, what interface did you choose there?

  • Port forward by hostname.

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    jimpJ

    There are proxy packages that can do this, I believe the mod_security package is one of them, but I'm not sure if it's currently working or not.

  • Redirect LAN traffic into 2 different servers

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    G

    Or is there someone who could suggest how to solve this problem?… :)

  • IChat Configuration Issues.

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    M

    I'm currently using 2.0rc3.

    So this advice is "tailored" for 2.0; try to convert it to 1.2.3 if any adjusting is needed.

    1. Create port alias

    Add these ports there: 5060, 5190, 5220, 5222, 5223, 5297, 5298, 5353, 5678, 16384-16403 (an awful lot of ports from my point of view)
    2. Create a rule on WAN: pass, TCP/UDP, source any, source port any, destination WAN address (or use port forwards to get internal addresses), destination port your newly created alias, gateway any, logging none
    3. Apply changes and try

  • Asterisk behind pfsense

    Locked
    9
    0 Votes
    9 Posts
    6k Views
    G

    @Nachtfalke:

    Port 5061 is used for encrypted (TLS) VoIP traffic. This means that TCP is used. So changing the timeout of UDP will not help. In some cases VoIP can use DTLS (UDP) encrypted traffic.

    I'm using port 5061 for security reasons; I'm using the same technique as usual port 5061, UDP yes. My firewall is blocking a lot of traffic on 5060 that shouldn't be there, mostly IPs from China.

  • LAN > WAN not working

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • PF 2.0 advance NAT enabled with NAT reflection

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    J

    Does anyone have any input?

  • Bridging and Vlans - have I missed the point

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    M

    More likely a feature than a bug. pfSense seems to be capable of a lot of different functions and therefore it might be tricky to set up.

  • Access internal computers using external IP & ports?

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    J

    @Cry:

    The problem you're facing is called NAT Reflection and if you search the forum you'll find more about how to deal with it.

    Wow, just one check box, thanks :)

    That's exactly what I wanted to do.

  • One-way NAT over IPSec?

    Locked
    6
    0 Votes
    6 Posts
    6k Views
    C

    @jimp:

    Actually NAT+IPsec is still not possible even on 2.0. If you have overlapping subnets and you are forced to use IPsec, you'll need to set up a second box to translate through, like so:

    Main Firewall, IPsec tunnel between "fixed" subnet and remote site, LAN interface as usual, second internal interface on the "fixed" subnet.
    Second "VPN" firewall sitting on the "fixed" subnet on its "WAN" connected to the main firewall. LAN subnet is the same as the LAN side of the main firewall, but a different IP. This box's job is just to translate between subnets.
    Main firewall gets a static route that points traffic headed for the remote subnet to the VPN router instead, which should make the NAT happen, and then when the NAT goes out via the main firewall it's on the right subnet, will match the IPsec SPD, and go over the tunnel as you like.

    That method should work on 1.2.3 or 2.0.

    Maybe this post will give some tips about implementing it in one box:
    http://fixunix.com/bsd/87865-nat-ipsec-openbsd-pf-isakmpd.html

  • NAT Broadcast Address

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    M

    Can you tell what you want to do with pfSense?
    If you only firewall normal internet traffic, then you don't have to handle outbound NAT etc.

  • NAT Public IP to PPPoE service

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    Z

    Thanks, I will try.. :-)

  • No access to opt network

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    M

    The image does not show up…
    For no reason it is working now

  • Virtual IP Range and NAT

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    jimpJ

    Upgrading to the most recent 2.0 RC snapshot is pretty safe right now. There aren't any known upgrade programs with configurations (aside from some issues with international characters in the raw xml) and it should be OK to use in production.

    We're only a week or two away from a 2.0-RELEASE if we can get a couple kinks ironed out.

    If you want to check your config, there is a Pre-Upgrade Check package you can use, and you can also check the upgrade guide on the doc wiki (check my sig)

  • How to log NAT state table?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • I'm fried - Need some VSFTP help

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    T

    OK so finally figured out WTF my problem was.

    Disabling the FTP helper and simply making a port forward with rules (including passive) got me working.

    Long story short, the issue was a M$ ISA server that corporate uses as their firewall which was screwing up my TLS session with its own FTP rules (local routing).

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.