thank you but
he system is currently in school. I can't try it right now. Need some help?

I thought I'd try to RTFM on doing this via a tunnel interface rather than VTI as per https://www.netgate.com/docs/pfsense/vpn/ipsec/routing-internet-traffic-through-a-site-to-site-ipsec-vpn.html
I had not realized you could pipe 0.0.0.0/0 through a VPN tunnel.

This config works without any issue, and considering the warning on the site: "There are also known issues with NAT, notably that NAT to the interface address works but 1:1 NAT or NAT to an alternate address does not work." - I would assume that this is a VTI limitation. Still if anyone has any additional info on this it'd be interesting to know.

@xeon said in NAT External URL to local exchange server:

When you say Proxy, is it a Web Application Proxy server?

@bepo was describing how to use HAProxy.

@johnpoz Thanks - sorted!

I have a bunch of ports that are included as a single port alias and one rule is used to port forward ... and that bunch included 25.
Removed port 25 and hey presto.

@johnpoz letting me know where it was being bounced from helped. Thanks.

On a side note, should I have my home network name as a subdomain as my external name?
i.e. internal.domain.co.uk, or should I keep it as
similardomain.local

I have two inet connections, one is standard residential (WAN) and the other is 5ip business (NET2). If I set it up to use the 5ip as WAN then I can get the NAT to properly route thru selected external ip's. I did not test the connection out the res. as NET2 in this configuration assuming that I would have the same problems as above but it does seem that there is some sort of issue trying to NAT out an OPT type interface.
Anyone?

Can't anyone help me ?
I tried pretty much everything I could imagine..
I've tried also with siproxd without success either.
As soon as I remove my pfsense appliance and return to my previous router voip is working.
I can see that sip is working (registration is ok in the Ata and it show inbound and outbound sip traffic) but for rtp, only outbound and 0 inbound traffic....

@KOM

Thank you!!
answered everything

Kind Regards
Kinch

Something is not quit right here. You said the symptom of the problem was that you could access your local game server on LAN, but your users on WAN could not. NAT reflection will not address that issue. I suspect that there was a problem with the NAT you created and you somehow fixed it but thought it had to do with NAT reflection.

@shetu said in Port Forward not working:

Last question what is difference between DMZ and Super DMZ (netis router)? I put my pfsense mac address to Super DMZ, it was not working.

Read the netis router manual, this has nothing to do with pfSense. And "Super DMZ" is not a common term in networking, but rather some manufacturer specific thing.

@marcus-horne said in Mobile client IKEv2 vpn, access to remote network(IPSec):

But i have no

https://www.netgate.com/docs/pfsense/vpn/ipsec/configuring-an-ipsec-remote-access-mobile-vpn-using-ikev2-with-eap-mschapv2.html

Automatic outbound NAT should be fine.

"To pass all traffic, including Internet traffic, across the VPN, set the Local Network to 0.0.0.0/0" << this routes all the client traffic over the VPN.

If you want specific clients to receive a specific IP rather than an address out the range check this out:-

https://forum.netgate.com/topic/115795/guide-ikev2-ipsec-per-user-firewall-rule-settings-with-freeradius

Thanks i send you the upload

Correct, sorry. I actually did what you mentioned above and it did sync to the secondary. Thanks.

Did you check what your WAN IP is? By default LAN IP on pfSense is 192.168.1.1 but sometimes default IP-pool from ISP equipment is 192.168.1.0/24 and in this case you have to change LAN IP-subnet.
Did you connect your server to LAN port or OPT?
What are your Outbound NAT Rules and Firewall Rules for LAN/OPT?

If you are already connected to a site that has that network, then the other side must do NAT, not you. There isn't a way for you to hide that conflict using a single firewall.

There are some ugly ways around it, like setting up a second firewall to handle that one VPN and do NAT between your main firewall and that firewall, but it's not ideal.

You could also renumber your LAN, but that would be significantly more work.

@_neok I decided to put a router to not touch so much my pfSense, since I have other links and that way I have the cleanest configuration.
Greetings!

If you see a state, it has passed the firewall.

Check your target box. It's either not on, or it's blocked there. Most likely not a pfSense issue.

Nowhere close to enough detail here to even hazard a guess.