@midnightfm Good to hear the firewall side is resolved. Sounds like you'll need to dig into some Windows event logs to diagnose the barracuda LDAPS issue. I'd expect to at least see failed connection and/or authentication attempts on the DC in the event logs.

i finally found the cause, i changed the 'Filter Rule association' from 'pass' to other, i then works
c64cd004-70ad-491e-b301-eafe18d333f1-image.png

but the thing is we have default gateway and even i allow all in firewall rule, but nat with filter rule association 'pass', nat still not forward the traffic; looks like it's the bug of pfsense
3375e8e7-e1fc-4306-8f6a-80cc70841df5-image.png

@phipac it is possible to do reverse proxy with tcp ports - I haven't had a need to do such a thing.

but why would you not just have munin.domain.tld for that service and other.domain.tld for whatever other services your trying to talk to.. they could resolve to the same IPv6 or different.

edit: or if you happy with how IPv4 is working - why throw ipv6 into it at all.. There is nothing saying you have to use IPv6, unless your behind a cgnat and that is the only way to get unsolicited inbound into your network.

Just because IPv6 is the future, doesn't mean that future for you is now ;) Could be 20 some years before IPv6 is the main protocol to be honest.

My isp doesn't even provide it - I have had ipv6 from like 2011 or something via HE tunnel.. I sure don't use it for any services I provide or use while I am remote to get into my network. As you said IPv4 with nat and port forwards work just fine. ;) Providing those services via IPv6 gets me nothing other than more complexity. Shoot most of my users of my plex server don't have IPv6, or even know what IPv4 is let alone IPv6 ;)

Not sure what all services you want to provide to the internet - but any services I need to access on my network while I am about I just vpn in - via IPv4 ;)

@SteveITS Thank you so much. Let me take a look at this article.

@negeji8010 yeah I hear yeah.. oh btw IT make this nonsense work.. Yeah we didn't bother to ask you if we "could" do such a thing - just make it work!

To make it work.. You will need to nat them, and will need different natting devices.. The "cheapest" way to do it is find some small little router.. Some little travel router or soho router going to be the easy cheapest solution. Sure you could do it as vm, etc. But that is going to cost more for sure.. Unless you have something laying around to use as the host were you could run multiple natting something - wouldn't have to be pfsense doing the natting.

If you go the soho or travel router I would make sure it runs some 3rd party firmware (openwrt for example) vs native like linksys or netgear router OS.. Maybe tiny router from Mikrotik, they have something like the hex lite for like $40 that can be powered via poe, etc.

@viragomann Thank you.n Problem solved

I wanted to give an update to this since I have been going back to this problem and believe I have finally found a working solution.

My experimenting has involved a few different firewalls and setups, and all the time I have been able to get Open NAT on MW2 (2009 version) only when the game has been "seeing" UPnP. Regardless if there has been a second firewall upstream that only had "traditional" port forwarding set up.

I'm writing "seeing" UPnP as I recently did some packet capture and started noticing some similarities between the scenarios with and without UPnP active. When not having UPnP I have manually set up port forwards for 28960-63, which are the ports showing up in the UPnP status page when this game is running.

What I found was that regardless if the game reports Open or Strict NAT, I always have the following "pattern" showing up in the pcap data:

e61ff4f5-1a6b-42dc-83ca-5e20cf7109ae-image.png

The only difference when UPnP is active, is that before this communication starts, I also see the following nat-pmp request and response sequence.

15bbeb55-5dac-409a-bf01-8988f2e68b0e-image.png

So I started thinking that the communication actually seems to be working on port 28960 and the game's reporting of Strict NAT might not be accurate? So I got some help from my friends to do some further testing and sure enough, I am able to host a game as well as connect to any other party hosting a game without issues!

So, I'm guessing that this particular game is actually reporting NAT status solely based on getting a response on it's nat-pmp request, and not based on actually doing a communication test... which in my case is giving me incorrect information and has had me chasing a nonexistent problem for quite a while... 😲

So all I have now are ports 3074-79 and 28960-63 opened towards my game PC... And for port 3074 I have to make sure to use static port.

@SteveITS yes, that is correct and it is written everywhere.
The problem is that, 99% of the cases, you cannot reinstall and that was my case :)

@johnpoz STILL WORKING!! Thank you again for all of your help. How can I help your status? I am new to the forums.

Great job, and you also learned port forwarding, ACL ordering, alias creation and much more. I love this forum you can learn so
much. Now you just need a OpenVPN configured with a NAS server for private cloud use

@Bob-Dig thanks for your feedback again!

Yeah, I think they are assigned properly, unless I'm missing something here and PPPoE actually requires a different assignment.

assigments.png

gateways.png

Thank you!

@Gertjan Oof, also a typo. The desktop actually ends with 100, not 1. I'll make an edit. That WOULD be a disaster.

@viragomann

Thanks for your help.Its work now.
In fact its was my openvpn interface that not handle ip address.

Problem 2 fixed by adding route to 192.168.5.0/24 on Mikrotik side

The thing is that even if I can get different addresses for TCP and UDP, it would still only work with 2 connections. Better if I can get the routing solved with 1:1 NAT somehow?