@johnpoz thanks for the advice. I'm not a pro that's why I'm asking for help to people that is actually doing it and tried to do it before. And also want to learn more about the process involved behind all these. Thanks again

@demux AT least if client and server are connected to the same interface (request are coming in and going out on the same interface) pfSense turns the source IP into its interface IP. If they are connected to different internal interfaces it might be the origin source IP, don't know. But it's never the WAN address.

@easy-hostingnz It defaults to disabled. Enabling it there enables reflection for all rules. Alternately you can edit a NAT rule and change NAT Reflection from "system default" to enable it. Reflection sends that connection/traffic through the router, while split DNS doesn't use the router because the devices uses a LAN IP. If the NAT doesn't translate ports then either will work.

@kom As it happens I started at step one, describing deleting and starting fresh each offensive rule. I also ensured to add logging to the WAN firewall rule that is automatically generated. I'm not sure how that should've helped but it has seemingly solved the issue. I have yet to be able to try logging into the host from an actual outside source but so far the program used to log in has a browser method that seems to be different from connecting via LAN. Thank you again, I'll be leaning heavier into the documentation in the future.

@hrustakv I fixed the problem. I didn't have a bridge built over the WAN, only on LAN ports. :)

This is exactly what I had tried to do, as this has always worked in previous versions. However, I can configure this in whatever VPN tunnel, but it is not applied. The pfsense acts as if the P2 does not exist and I see that no NAT is applied. I can't find any error in the log files either. Doesn't anyone else have this problem, I can't imagine it. Especially since my configuration for the PFSense is now also not so very extensive.

@kiokoman Automaticaly generated, dont edit manually. Generated on: 2022-06-03 22:53 global maxconn 1000 stats socket /tmp/haproxy.socket level admin expose-fd listeners uid 80 gid 80 nbproc 1 nbthread 1 hard-stop-after 15m chroot /tmp/haproxy_chroot daemon server-state-file /tmp/haproxy_server_state listen HAProxyLocalStats bind 127.0.0.1:2200 name localstats mode http stats enable stats admin if TRUE stats show-legends stats uri /haproxy/haproxy_stats.php?haproxystats=1 timeout client 5000 timeout connect 5000 timeout server 5000 frontend frontend80 bind xx.xx.xx.xx:80 name xx.xx.xx.xx:80 mode http log global option http-keep-alive timeout client 30000 acl expressite var(txn.txnhost) -m beg -i www.expresxxxx.com acl expresmail var(txn.txnhost) -m beg -i mail.expresxxxx.com acl ramsite var(txn.txnhost) -m beg -i www.ramxxxx.ro acl nappasite var(txn.txnhost) -m beg -i www.nappaxxxx.ro acl emisite var(txn.txnhost) -m beg -i www.emimaragro.ro acl expresrosite var(txn.txnhost) -m beg -i www.expresxxxx.ro acl rammail var(txn.txnhost) -m beg -i mail.ramxxxx.ro acl nappamail var(txn.txnhost) -m beg -i mail.nappaxxxx.ro http-request set-var(txn.txnhost) hdr(host) use_backend backend-http8080_ipvANY if expressite use_backend backend-http80_ipvANY if expresmail use_backend backend-http8080_ipvANY if ramsite use_backend backend-http8080_ipvANY if nappasite use_backend backend-http8080_ipvANY if emisite use_backend backend-http8080_ipvANY if expresrosite use_backend backend-http80_ipvANY if rammail use_backend backend-http80_ipvANY if nappamail backend backend-http8080_ipvANY mode http id 100 log global option log-health-checks timeout connect 30000 timeout server 30000 retries 3 option httpchk OPTIONS / server website 192.168.1.4:8080 id 101 check inter 1000 weight 250 backend backend-http80_ipvANY mode http id 102 log global timeout connect 30000 timeout server 30000 retries 3 option httpchk OPTIONS / server webmail 192.168.1.3:80 id 103 check inter 1000

I can register the client to the PBX. The problem is that I have no audio at all. Something with the RTP traffic. When I connect the PBX and client to openvpn I have no problems. Everything works. The problem arise when I try to use pfSense public IP. I think is something with the UDP Nat

@c-amie said in [Bug?] pfSense empirically causing legacy WordPress sites to fail: We have no control over what internal code to someone's WordPress site is doing. Valid point.. One way to fix it would be to put the servers actually on a public IP via routed network behind pfsense.

Hi, to complete the topic: the patch worked for me and solved the issue. Thank you

@mistermince Have you opened the ports on the firewall rules as well or just created the port forwarding rules? Can you post screen shots of you rules and port forwards?

FIXED: I don't know why and how to check more deeply this issue: Following the documentation, to standarize every config. With Redirect target IP 127.0.0.1 as shown on the picture below. All the DNS answers came from the LAN address (each vlan) [image: redirect_dns_port_forward.png] Fixed with: Redirect target IP LAN_XX address

@jarhead Ok, all good then. Thanks again for your help.

@dsmith10 Has anyone ever found the solution to this? I'm running into the same issue. Tailscale can't port translate automatically because we have a CARP IP for our LAN's gateway.

@viragomann Great tip, that's how it works for me. Thanks you very much for the effort!!!