Can anyone answers my questions. Please.

I've already followed the articles at the following links:
https://doc.pfsense.org/index.php/VoIP_Configuration
https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-to
https://forum.pfsense.org/index.php?topic=108318.0

but still no luck.

172.16.0.x is my PFsense box for headoffice
172.16.1.x is my PFSense box for remote site.
172.16.0.2 is my VOIP/Elastix.

All IP phones in 172.16.0.x is working well but in 172.168.1.x all IP phones are not connected.

It was working before.

Regarding opnsense, only using the documentation for the transparent bridge as a bit of a primer to get me started with pfsense!

When I was testing the transparent firewall, I had it placed between the USG and the switch. All downstream PCs picked up DHCP and saw the USG as the gateway, but I couldn't get the pfsense box to connect to the internet. I tried adding static routes for the bridge interface and even added a separate USB NIC as a management interface, but it too couldn't connect to the internet. I have a feeling it may be because I turned off NAT when I was creating the bridge. Do you think I just needed to add a NAT rule??

Thanks so much by the way, the more I reading, the more I'm learning.

You cannot forward a single port (53) to more than one destination.
Use pfSense DNS Forwarder (or DNS Resolver in forwarding mode) and have it query the OpenDNS servers.

This is not a NAT issue.

"If every computer and PLC has different ip address we have to configure them every single time individually."

Nonsense…  I have been in countless class be it with real hardware and or VMs where yeah the machines are re-imaged between classes or even on the fly if a student messes up.  They sure didn't use the same IPs.

Students where given their specific IPs to use before class, etc.  This is the whole point of dhcp where you could hand out specific IPs to the devices as they boot up, etc.  If you want your PLCs to be on specific IP and they can not be dhcp.. you could always just but them on a host only network where each host has its own network that is 192.168.x/? with a 2nd nic that way these interfaces could be 192.168.1.1 for PC and .2 for the PLC, etc..

32 VM copies of pfsense?  On what each machine??  That just seems nuts!!

How about you give us some more details of the hardware your working with, etc.  And we figure out a better way to do it other than 32 VMs running pfsense just so you can put a nat behind them all using 192.168.x

If all you're doing is providing local host names, you don't need DynDNS.  pfSense has 2 built in DNS servers.  Just configure your local names there.  You can even have DHCP pass the names to the DNS server.

weird…

it just started working.  I turned on NAT reflection but initially (as I described) it did not work from the host machine that the port was getting redirected to.  now it does.

Ok, it is working now!

My initial config was correct, but an old bug form pfsense (2015) came into my way:

https://redmine.pfsense.org/issues/5319

Charon didn't restart correctly and i had to kill it manually. After that, he reloaded the config correct and it is working now. So the problem was that Charon didn't restart / reload the config :/

Thanks for your help anyway

They are running sunOS 4.1.4 - they use rlogin still  :'(

LOL, I virtualized one of them just out of concern of the age.  We are terrified when we have to reboot them!

-Mike

@Derelict:

In order for your WAN to be able to access the internet either they will have to NAT for the private address you are using on your WAN (which is what they probably should be doing, absent what they REALLY should be doing - giving you real, routable IP addresses for your WAN interface).

You might be able to add an IP alias VIP from the /29 on your WAN interface and tell pfSense to outbound NAT certain traffic from the firewall outbound using that VIP. you will need to NAT at least DNS, HTTP, and HTTPS for package manager and updates to work I think.

It's a kludge but so is the configuration they gave you.

Perfect. I was able to download openbgpd with a config like the one that you referred.

I think you need to rewrite this post with more detail??

But from what you have above could you not just have an alias with a group of internal webserver addresses or a designated subnet (assuming only one internal address will be using the nat rules at any given time)

your pfsense wan is private IP, ie its not public. So there is something in front of it doing nat..

Your other router or isp device is changing your public IP to the is private (rfc1918 address)

"Wan - 192.168.1.67 (DHCP) - i get this ip from my router "

So you need to make sure you forward whatever it is you want to forward on that device to pfsense wan IP.

Since you will be sending traffic to rfc1918 (your pfsense wan) you will need to make sure you uncheck the block rfc1918 on wan.

If you set the port range from HTTP to HTTPS, it means all port from 80 to 443. In this case you have to set the redirect target port to HTTP. But that would not be what you intend.

For your purpose you should add an port alias for HTTP and HTTPS and use this one in the rule. Firewall > Aliases > Ports
Give it a name like "HTTP_HTTPS" and add the ports 80 and 443. Then you can use this alias name as custom option at Destination port and Redirect target port.

[Solved]

I installed pfsense version 2.3.4 and restore config. Its working

Hi there,

Here I am again, one of my remote site with the same scenario. It can ping the WAN but it cannot access the web gui.

All are solve but this remote site still cannot acess.

I have never seen nat not update the firewall rules  or reload the filters.. You can look in the log and see the filter reload.

Issue was resolved, the NAT rule was not being created.