• Apply nat/firewall rules on wan to opt1?

    Locked
    0 Votes
    2 Posts
    2k Views

    The easiest way (without touching the config.xml doing a copy/paste and replace interface names) I can think of is to use the [+] icon in the line you want to copy and then just change the interface name from wan to your optx. This works for firewall rules and for NAT. However, you have to click through them one by one this way, but you only have to modify one dropdown for each rule.

  • NAT 1:1 question

    Locked
    0 Votes
    5 Posts
    5k Views

    After resetting to default several times and recreating the rule at the firewall,
    and also reconfiguring my FTP server settings, download/upload is running smoothly.

    thanks a lot…  :D :D :D

  • How to turn off nat

    Locked
    0 Votes
    2 Posts
    3k Views

    System -> Advanced -> Disable Firewall … but this will disable firewalling as well.

    or

    If you want to simply deactivate NAT, visit Firewall -> Outbound -> Enable advanced outbound NAT and then remove all rules for advanced outbound NAT.

  • Non NAT setup

    Locked
    0 Votes
    11 Posts
    6k Views

    I believe that was explained here: http://forum.pfsense.org/index.php?topic=725.msg4419#msg4419

  • Automatic "outbound" nat from LAN to OPT interfaces?

    Locked
    0 Votes
    4 Posts
    3k Views

    Can't.  I'm doing the utmost evil and running a beta release at a production site 3 hours away.  I can't upgrade until I go down there, not because it won't work, but because I sleep better at night knowing that I'd be there "just in case".

    Don't worry, I'm going down on Friday.

  • Masquerading from LAN to OPT1

    Locked
    0 Votes
    2 Posts
    4k Views

    First, this is pfSense and not m0n0wall  :P
    Second, I assume the clients at OPT are using another default gateway that doesn't have a route back to your LAN subnet via the pfSense's OPT IP. Masquerading would fix that but could cause other trouble on the other hand. Adding a route at the OPT clients' default gateway would be the "cleaner" solution imo. If you really want to NAT, enable advanced outbound NAT at Firewall>NAT and add a mapping for LAN to OPT with the OPT IP of the pfSense there.

  • MOVED: Ping to Virtual IP from Internet?

    Locked
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Microsoft FTP.exe

    Locked
    0 Votes
    22 Posts
    13k Views

    problem with outgoing ftp. ftp proxy is enabled on wireless. and nothing else it is working
    sometimes but is very slow and seems to stop working after about 15 minutes.

    Still am a bit uncertain as to where to start looking in respect to this.

    additionally pppoe clients seem to also have trouble with ftp as well.

  • NAT Error

    Locked
    0 Votes
    7 Posts
    4k Views

    Thanks, I will try it.

    Can you add "Virtual Server" in NAT? so easy to make a server-port?

    :)

  • Port forwarding http kills webgui

    Locked
    0 Votes
    2 Posts
    3k Views

    This is because of NAT reflection.  You have a few options.

    Disable reflection in System -> Advanced

    Change the webConfigurator port in System -> General

    How can you fix this now?  Do this from the console ( Option 8 ) :

    pfctl -d

    Now log in and do one of the above options.

    Once you are done, run this from the console ( Option 8 ) :

    pfctl -e

    Please click "Thanks, Solved" if this fixed your issue.  Thanks!

  • DC++

    Locked
    0 Votes
    2 Posts
    3k Views

    I have port forwarded lots of times with different versions of pfSense and have never seen that problem.

    Could it be that you have configured it wrong somehow?
    Attach a screen dump of the port forward in question (an image says more than a thousand words).

  • NAT 1:1 Help

    Locked
    0 Votes
    4 Posts
    3k Views

    If you set it up this way, why do you need a firewall then?

    Here is how it works:

    (Make sure first that your setup runs correctly with one real IP at the WAN interface. I'm confused by all the xxx in your IPs and all the /32 subnets. Do machines from LAN get out to the internet and everything works fine?)

    1. Add Virtual IP
    If your provider doesn't need ARP-Replies for the additional IPs try other
    If your provider needs ARP replies use proxy arp or carp. With carp you can easily add a failover machine later.

    2. Create a 1:1 NAT mapping the virtual IP to the internal IP

    3. Add firewall rules permitting that kind of traffic
    Keep in mind, NAT is applied first, then firewall rules.

    Example: You want to have a Webserver running at a machine inside your LAN and want to have that reachable via the virtual IP
    additional public IP (virtual IP) 123.123.123.123
    LAN IP that is mapped to the additional public IP 192.168.1.100

    Your firewall rule has to look like this at the WAN interface:
    pass, protocol tcp, source IP any, source port any, destination IP 192.168.1.100, destination port http/80

    Note that your firewall rule doesn't show the external IP address but the internal one that is mapped to the external one.

    Do this for every machine inside your LAN that uses one of your public IPs.

  • Different port NAT?

    Locked
    0 Votes
    4 Posts
    4k Views

    [FIXED]

    Uggg, at the moment, I'm feeling really dumb.

    It was my fault, I had the digi's default gateway configured for the old router before I switched over to pfSense.

    Sorry about that.

  • How to redirect email for pptp users?

    Locked
    0 Votes
    12 Posts
    6k Views

    No, it still does not pass email according to the rule in port forwarding in the port forward NAT section. (Does port forward work for outbound??)  On outbound NAT there is no pptp to choose from in the interface drop down.  I guess this would be analogous to using squid and forwarding those packets somewhere.  Should I try editing the config file?

  • Port forward problems, help me please :0)

    Locked
    0 Votes
    5 Posts
    4k Views

    Usually you change the port range for every computer.

    EX:
    Let's say I have 5 computers behind a NAT router; I usually forward maybe 10 ports to every single one.

    forward to ->PC1 portrange->50000-50009
    forward to ->PC2 portrange->50010-50019
    forward to ->PC3 portrange->50020-50029
    forward to ->PC4 portrange->50030-50039
    forward to ->PC5 portrange->50040-50049

    And then I configure all applications on every PC to use that dedicated port range.
    EX: all p2p programs listen on those port ranges, and ICQ, MSN and such.
    I have never run into problems by doing this; if the range is too narrow then open/forward maybe 20 ports.

    But if you can't change the listening range in the application in question then you get into trouble.
    Can you say what application it is? (It is easier to make any recommendation or find a solution, like special scripts and such.)

  • Ftp Server inside firewall. Not working.

    Locked
    0 Votes
    4 Posts
    4k Views

    Have found the problem.
    Every user has to put ftp://ip address:21/ to connect.
    This problem is solved. And finally…

  • Minor strange behavior of pftpx when I reconfigure something.

    Locked
    0 Votes
    4 Posts
    3k Views

    Well, changing the FTP helper status on or off will alter pftpx from running.  I'll check into the bogons piece.

  • Switch from symmetric NAT to cone NAT

    Locked
    0 Votes
    2 Posts
    6k Views

    http://forum.pfsense.org/index.php?topic=104.0

  • NAT is not working NAT 1:1 for IP subnet LAN

    Locked
    0 Votes
    2 Posts
    3k Views

    Did you create firewall rules to allow the incoming traffic? Only 1:1 NAT is not automatically passing all traffic (which would be a bad idea anyway).

    Let's say one of your IPs is a webserver, for example; you need a pass rule like this:

    protocol tcp
    source IP any
    source port any
    destination IP <LAN IP of mailserver> (NAT comes first, then firewall rules are applied, so you have to use the internal IP as destination)
    destination port http (80)

  • Port redirection, FROM parameter

    Locked
    0 Votes
    2 Posts
    3k Views

    Not likely, we are not adding features.  We are only adding a new option when it corrects a bug.  Unfortunately this is not a bug and you can control it more tightly with firewall rules.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.