@steveits That might just do it, thanks, will have a play with that, never noticed the option below regarding gateway on a rule. Just done some testing and looks good but need to do some more. Thanks for that.

@johnpoz said in Is there a bug with NAT? Just trying to redirect traffic from 1 IP to another, nothing works.:

@genericuser8674 how is it a bug that it doesn't list any? That is not a "bug" that is a feature that is not available in that version.

Post about a bug in 2.6 CE.
Proceeds to test it on 2.7 and say iT's A fEaTuRe, NoT a BuG!
🤦

@combat_wombat27 said in Just trying to forward 443 to an internal server:

both of those match the one I'm using and see in pfsense for the WAN side.

Huh - look in your state table for the source IP that is talking to your 192.168.1.4 -- filter on that..

You really should update 2.4 has been eol for awhile.

@modesty
Maybe the NAS blocks access from outside now.

To investigate run a packet capture on the NAS facing interface, filter the port for 7172 and try to access it from outside.

Check if you see request and also response packets. If there is nothing run a capture on WAN.

@skilledinept “back away slowly“ as they say.

I recall now when I first set up HE I had to reboot for it to work. Reproduced, entered bug report, and couldn’t get it to happen after that.

@aadrem said in Nat does not work with IP pool:

I checked the advance configuration of PF sense and I discovered that reply-to was disable in that section.

To be honest, I didn't think of this option, since it isn't disabled by default.

But I'm glad that you got it working.

hello I'm new to this Pfsense thing and I am having trouble as well.

I'm not network savvy like you guys but I'm ok at it. Description about my set up is a PPP0E connection like this:
nbn box >pfsense > switch > to other devices(plex,tvs,PS,PC,etc).
my problem is i cant get any ports to open status.

under:
-Interfaces/WAN i have
*Block private networks and loopback addresses
*Block bogon networks (both ticked)

Untitled0.png

-System/Advanced/firewall & NAT i have
*Pure NAT Enable
*Enable automatic outbound NAT for Reflection (ticked)

Untitled1.png

but my NAT Rule for my plex server will not open or any port that i try to create in fact

Untitled.png

even this Outbound settings

Untitle.png

all i want is for plex media server and PS4 ports to be open.

am i doing something wrong, also if you ask me to do that capture thing, your going to have to walk me though it lol...!!! please help i have been scratching my head at this for days now and hope its an easy fix...!

Update:
Speaking to Chelsio support, they suggested setting "hw.cxgbe.buffer_packing=0" in "loader.conf". This resolved my issue.

@johnpoz Sorry I didn't get back to you sooner,

I ran out of time to trouble shoot and ended up spinning up a quick ubuntu instance and doing a DNAT using IP tables.

I did run through your example without success, I could see the messages hitting the destination on the correct port but it wasn't replying for whatever reason.

Seems to work fine using a IP table, I guess the DNAT is successfully making it appear as the messages are originating from the 110.0 subnet and satisfying whatever siemens have going on.

@johnpoz thanks for the advice. I'm not a pro that's why I'm asking for help to people that is actually doing it and tried to do it before. And also want to learn more about the process involved behind all these. Thanks again

@demux
AT least if client and server are connected to the same interface (request are coming in and going out on the same interface) pfSense turns the source IP into its interface IP.
If they are connected to different internal interfaces it might be the origin source IP, don't know.
But it's never the WAN address.

@easy-hostingnz It defaults to disabled. Enabling it there enables reflection for all rules. Alternately you can edit a NAT rule and change NAT Reflection from "system default" to enable it.

Reflection sends that connection/traffic through the router, while split DNS doesn't use the router because the devices uses a LAN IP. If the NAT doesn't translate ports then either will work.

@kom As it happens I started at step one, describing deleting and starting fresh each offensive rule. I also ensured to add logging to the WAN firewall rule that is automatically generated. I'm not sure how that should've helped but it has seemingly solved the issue. I have yet to be able to try logging into the host from an actual outside source but so far the program used to log in has a browser method that seems to be different from connecting via LAN. Thank you again, I'll be leaning heavier into the documentation in the future.

@hrustakv I fixed the problem. I didn't have a bridge built over the WAN, only on LAN ports. :)

This is exactly what I had tried to do, as this has always worked in previous versions. However, I can configure this in whatever VPN tunnel, but it is not applied. The pfsense acts as if the P2 does not exist and I see that no NAT is applied. I can't find any error in the log files either. Doesn't anyone else have this problem, I can't imagine it. Especially since my configuration for the PFSense is now also not so very extensive.