@fm808 Cool ! Glad you figured it out :]

@sanjibgupta said in How to nat a IP range?: In pfsense 2.4.4 Hi, The developers, they don’t work hard for that, because you get stuck one on an ancient version. Please upgrade your system and ask your question again. https://docs.netgate.com/pfsense/en/latest/releases/2-4-5-p1-new-features-and-changes.html

Even for remote access you don't need port forwards for your ring stuff. For access to whatever HA you running - ok.. But that would be a bad idea! If you need remote access to some service your running, then vpn into your network and access it that way. The only time you should allow for unsolicited inbound access, ie a port forward would be services you want to be open to the public.. Say some public web server, or plex server, or minecraft server, etc. ntp server. If you are going to be the only one to access it - like a HA service, then vpn would be the more secure solution.

@viragomann Ah crap, yes I remember this now. Thanks for the reminder, working now. -Adam

yup split dns https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html#method-2-split-dns

@Derelict said in NAT Port Forwarding and associated rule(s) help: Most people make an Alias containing the list of source networks they wish to allow and use that as the source of the port forward. @N8LBV And to expand on this concept a little bit, you can also create an alias of all the ports, or port ranges, that you want to allow, then use that alias in a NAT rule or firewall rule. Jeff

It works. Thanks very much @johnpoz !

@trevorstuart Not exactly. If you bridge WAN and LAN, both interfaces are in the same L2 network. So pfSense is neither a router nor a gateway anymore, the gateway would be the modem. WAN and LAN devices are in the same subnet and you have to do any forwarding even to devices behind pfSense on the modem. But you are still able to filter the traffic on pfSense. Can't you deactivate the DHCP server on the modem and let pfSense do that job in WAN subnet? The DHCP server on pfSense can push the route for the LAN subnet to the WAN devices. So you don't need to set it manually.

@vpnguy said in Can't get LAN traffic to connect through WAN: @viragomann Thanks a lot! You were very helpful. What would you recommend is best way to troubleshoot making sure that there is no cross traffic between OPT1/VPN subnet and LAN subnet? You can setup an explicit BLOCK or DENY rule on the OPT1/VPN subnet from getting into the LAN subnet. Do it like this: Action: Block or Reject Interface: OPT1/VPN Address Family: IPv4+IPV6 (or IPv4 if you've turned off IPv6) Protocol: Any Source: OPT1/VPN Net Destination: LAN Net Give it a good description and save the new firewall rule. Make sure it's at the TOP of your list of rules, and it should work fine. Hope that helps! Jeff

You cannot see that in a packet capture, at least not on the internal interface. You can do a capture on WAN while updating the system time on the client. If the packets do not appear there the NAT will work.

And then hey when want to go back to the kitchen - back to the front door ;) In the big picture prob doesn't matter all that much, unless your moving a lot of traffic. But it sure is not the "optimal" sort of setup.. Why would you want to do that?

I follow the instructions, remove default gateway in firewall rules, to default. I can see the firewall log it says allow (green check), however, still does not connect. Any other idea? Because I still can't do event ping between LAN and DMZ. BTW: If I set "default" gateway in System/Routing, no LAN client can browse internet. Maybe something else is missing?