@KOM Entiendo, muchas gracias

@Gertjan its on WAN and i am sure the server is accepting connections as when i use my default network setup ( virgin router only) the dayz server shows up to the community, but when i switch back to pfsense the server dosnt show

Hi Gertjan,
Just wanted to let you know that I tried the nat rules like you said and it worked perfectly now. I was making a huge mistake while creating rules in pfsense but now i understand. I learn a lot today, so I'm very happy right now. So thanks you very much for your help. The next step will be to buy myself a smart switch like you said and put my server in another vlan so I might have another question soon :)

Couldn't resist could you? Can't blame you though.

ah, now i see the problem. double-nat.
thanks for your help.

OK. The stupid modem/router wasnt translating correctly. In bridge it works flawlessy.
The only difference from this and my other location is the router. Here i have a tg789vac from Technicolor and branded TIM (the ISP); the other one is a Dlink DVA-5592, is not branded and the ISP is Wind. (Italian ISPs).
Guess that the dlink with only DMZ set up does also the static port and the Technicolor not. Good to know.

Thank you for your help. Much appreciated.

So you want to access IP in the opt1 network, where that IP points to a different gateway.. If reading that correctly...

Could draw it up to be clear - but if understanding your ? correctly... You have couple ways to do it.. You can either source nat so traffic from pfsense wan actually looks like it comes from the IP of pfsense in the opt1 network.

Or you could host route on the IP your wanting to access so it knows how get back to the source IP via pfsense opt1 IP..

3rd option would be to alter the network layout so you don't run into this sort of issue.

@tobijuan said in Re Routing:

So i can assign a dest IP/port

Why would you need more than 1 router... If you know the dest IP and or port - then you can just create the firewall rule in pfsense to send it where you want "gateway"

Give an example of application your trying to route.. How is it you would need appID to determine what it is?

@scootr1975 said in Can't reach my domain from within my local network that points back to local network:

I am host on my own server a website. I have all the port forwarding setup to reach it from anywhere but on my local domain. I know there is probably a topic on this somewhere but I can't find it. Can someone please help me.

Did the answer above resolve your issue?

@9thplayer said in NAT Reflection mode for port forwards not working for internal IPs to access through Public IP.:

To be clear, We are using internal DNS server, not using firewall's DNS.

So why not add an A record to your internal DNS that resolves your FQDN to its LAN IP address which is method 2 split DNS? Much better than hairpinning out and then back in again just to reach a local resource.

@andrew-frowen said in pfSense and Skype for Business SIP issue with Private IP:

Just to confirm our skype for business end users can call and the endpoint rings but no media flows when the call is answered, this is the same for inbound calls.

Normal SIP phones also need RTP. Id be watching firewall logs for blocked traffic while trying to make a call and add firewall rules accordingly.

HTTPS or not, if the port is exposed and the stack is weak, it can be accessed remotely by attackers.

Doesn't matter if you think you are not worth finding, scanners will find you.

https://www.shodan.io/explore/tag/webcam

@HansSolo said in Port Forwarding Troubleshooting:

Early on, one must become acquainted with the Save buttons and which ones need to be used and when.

Yeah, wait until you try to use Squidguard and realize that none of your changes will stick until you go back to the General settings tab and click the Apply button at the top, after you have clicked Save at the bottom.

Works perfectly. Thanks!

I removed the bond0 interface and everything seems to be working with the single interface.
The 2 ports on the switch was set to 802.3 LAG but I used mode 6 ALB on Centos 7 which did not need 802.3 LAG... I think that was the issue. I am not exactly sure what and how that is breaking the port forwarding though...

I'll setup the bond interface once I have everything else configured and for sure working.

johnpoz - And what does this have to do with pfsense at all??
You are right, nothing to do with pfsense!

Thanks for the troubleshooting tips!

@joelones said in Redirect http on another port for a host override:

So what I want to accomplish is the following; I'd like for users on the network, instead of accessing services as [ip:port], to access them as such [MachineName/ServiceName].

I realize this question is old but I found it while looking for something else and this response may help someone else. What you are trying to do is often done with pfSense handling the LAN routing and Nginx or Apache handling the port routing on the local server running your services or apps.

In pfSense, services > dns resolver I use host overrides like this (example): Host=test1, Domain=something.com, IP Address=192.168.12.20, Description="Main app/service on this server" Then under "Additional Names for this Host" i have: Host=test1, Domain=something2.com, Description="Main app/service2 on this server" Host=test1, Domain=something3.com, Description="Main app/service3 on this server"

This routes LAN request targeting test1.something.com, test1.something2.com and test1.something3.com to 192.168.12.20 server. On that server I have Nginx running (same thing can be done with apache) and routing request to different service ports. Here is a basic example Nginx config for http://test1.something.com and http://www.test1.something.com being routed to a service running on server at 192.168.12.20 on port 3005 on a Ubuntu server.

# file /etc/nginx/sites-available/test1.something.com server { listen 80; listen [::]:80; server_name test1.something.com www.test1.something.com; location / { proxy_pass http://127.0.1.1:3005; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } }

The firewall on 192.168.12.20 only needs to allow external traffic from port 80 (and 443 if https) and Nginx will route to the appropriate local service port.

More information about that can be found Here and Here and Here