  • IPv6 over IPv4 Tunneling

    19
    0 Votes
    19 Posts
    3k Views
    B

    @maverickws said in IPv6 over IPv4 Tunneling:

    You don't need to configure NAT for this.

    The rule you need is a Pass on the WAN interface (Firewall > Rules > WAN), I believe allow any to any or any to host, and on protocol (not address family) you select IPv6. I think that's it.

    Yes, I did that. Protocol IPv4 IPV6 Source any Destination (tried any or my VM IP) and this rule does match the state that is created when I ping out. But still after it times out incoming connections are dropped and don't show up in firewall logs. So it's inbound NAT that isn't working and I suspect it has to do with that error I'm getting in the original post.

  • NAT Redirect Question

    6
    0 Votes
    6 Posts
    390 Views
    T

    Thanks @Nitrobeast - really appreciate the help!

  • Double /30 for wan

    2
    0 Votes
    2 Posts
    246 Views
    M

    Finally I solved it myself using this link: https://docs.netgate.com/pfsense/en/latest/interfaces/using-public-ip-addresses-on-an-interface.html

    The idea is to not NAT the second /subnet as it's already a public IP subnet.

  • How to redirect custom urls to same local IPs with pfSense

    3
    0 Votes
    3 Posts
    326 Views
    J

    Hey,
    Thanks for the detailed video. I have followed the steps and used the template provided in HAProxy to send traffic to the same backend server using host names in the ACL. However, when I hit the first site, for example site1.com, it's working fine, but when I hit site2.com, it's not working. Any idea why this config is not working?

  • LAN to WAN VIP NAT to DMZ 443

    2
    0 Votes
    2 Posts
    248 Views
    RicoR

    https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html

    -Rico

  • 1:1 NAT over OpenVPN

    1
    0 Votes
    1 Posts
    559 Views
    No one has replied
  • Port Forward for Multiple Interfaces

    3
    0 Votes
    3 Posts
    341 Views
    DerelictD

    No. Port forwards need to be configured on each incoming WAN interface.

  • ip sec phase 2 nat

    1
    0 Votes
    1 Posts
    151 Views
    No one has replied
  • Nat suddenly stops working

    17
    0 Votes
    17 Posts
    1k Views
    C

    @KOM Total mess today but hey, now it rly works because I did configure static ones on the servers.

  • Getting started with NAT

    10
    0 Votes
    10 Posts
    512 Views
    KOMK

    I was going to next suggest that you packet capture on both WAN and LAN to see if the packets are hitting and where they're going but you figured it out. Glad to hear you've got it sort of working. You want your modem in bridged mode so that it acts like a dumb pipe without any firewalling or NATing. If that isn't possible then you're stuck with double-NAT where you forward ports on both your modem and pfSense. Blech.

  • Random Source Port Causing High Ping in Games

    4
    0 Votes
    4 Posts
    405 Views
    KOMK

    pfSense does not use static source ports by default due to a security risk that allows attackers to potentially use that to intercept data. I don't remember all the specifics as it was long ago that I read that (assuming I'm even remembering it correctly.)

    For your gaming purposes, there is nothing wrong security-wise with adding an outbound NAT rule to make traffic from your console use static ports.

  • Clients cant browse

    10
    0 Votes
    10 Posts
    669 Views
    R


  • NAT Stopped Working

    7
    0 Votes
    7 Posts
    486 Views
    N

    @cdegroat82 Well, this is not something pf related.
    The combination of pf VLANs, ESXi VLANs, switch-based VLANs and L3 routing at switches can quickly become overly complicated, and it's easy to overlook something.
    Hope the rebuild has solved it :)

  • 425 Security: Bad IP connecting.

    5
    0 Votes
    5 Posts
    4k Views
    johnpozJ

    This has been gone over like a 100+ times... You do not need to forward 20, ever!!! You need to forward the passive ports you're going to use, and you need to make sure your ftp server hands out your actual public IP vs its rfc1918 address.

    But again as rico says ftp BAD! ;) Use sftp and now you don't have to worry about any of the active passive stuff on the data channel.

  • Set up Reverse Nat

    2
    0 Votes
    2 Posts
    292 Views
    V

    By default pfSense translates source addresses of responses back to the external address the request was addressed to when the packets go out.
    Can you provide more details?

  • Plex forwarding issues

    18
    0 Votes
    18 Posts
    995 Views
    kiokomanK

    good news, you are welcome, I'm glad I was helpful

  • Port 53 on 2+ machines

    6
    0 Votes
    6 Posts
    510 Views
    J

    @Rico
    port 53 is required for DNS on a CONTROL PANEL! for host.

    also
    the second server machine is hosting DDNS that also requires DNS with default port "53"

    What I'm asking: Is there a way to route port "53 DNS" to pfSense and then from pfSense to machine 1/2?

  • 1:1 NAT across IPsec tunnel?

    2
    0 Votes
    2 Posts
    260 Views
    jimpJ

    You have to use Phase 2 entries with BINAT. You can make one phase 2 entry per mapping if you must do them individually.

  • simple NAT not working during outbound NAT part (for some VLAN, not ALL)

    5
    0 Votes
    5 Posts
    400 Views
    X

    I will do an upgrade for this FW ASAP, but as it is a production, I can't do that as quick as I want.

  • Assistance enabling external access into LAN (NAT/port-forwarding)

    13
    0 Votes
    13 Posts
    830 Views
    J

    Confirmed issue with ISP provider, their mystery device is in fact a router and has its own port-forwarding rules. I had misconfigured pfSense to the wrong IP on the mystery box's network, issue resolved after configuring pfSense correctly :-)

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.