1. Home
  2. pfSense® Software
  3. NAT
Log in to post
Load new posts
  • S

    Port forward external port to different internal port [SOLVED]

    6
    0 Votes
    6 Posts
    5k Views
    S
    @Wolf666: Should be: port forwarding WAN  TCP  *  *  WAN address  8888  192.168.0.100  80 With firewall rule on WAN tab: IPv4 TCP  *  *  192.168.0.100  80  *  none The firewall rule did it.  That seems kind of weird how you have to do that.  Dest 192.168.0.100 dest port 80. Makes me feel like I'm opening up port 80 to the world, even though I'm not.  So I just did some testing, it seems like the rule only needs to be written like that if your doing port redirection. Just before I read this I was looking in the logs, and saw it blocking my public source, with destination of 192.168.0.100:80. Thanks for the help!
  • M

    Pfsense NAT Before VPN

    2
    0 Votes
    2 Posts
    1k Views
    dotdashD
    You would have to BINAT on both sites.
  • J

    NAT over OpenVPN to IPSEC

    3
    0 Votes
    3 Posts
    769 Views
    DerelictD
    Can this diagram be used to describe what you're wanting to do? https://forum.pfsense.org/index.php?topic=82732.0
  • I

    [SOLVED] Outbound NAT - ModemAccess

    Locked
    12
    0 Votes
    12 Posts
    2k Views
    johnpozJ
    And now your pfsense thinks it has a WAN connection going to your gateway device "My Modem".. No modems have seen have that IP ;) Dude I am not talking about a portforward, I am talking about an outbound NAT from your lan to your new opt1 interface, this is not the same inbound nat or portforward for devices on your lan from the internet.  Change your outbound nat from auto to manual and post your rules.  You will see a nat from your inside network to your opt1 network.  With all due respect its not rocket science here ;) I don't really care how you setup your system - just pointing out that the instructions are correct, if followed correctly ;)  You don't set a gateway on a interface that is just talking to that segment, a gateway on an interface is a WAY off that segment..  That is not needed to talk from 192.168.0.5/24 to 192.168.0.1/24 for example
  • D

    GW IP address that publishes the pfsense LAN interface

    1
    0 Votes
    1 Posts
    577 Views
    No one has replied
  • H

    No SIP inbound calls, outbound fine, FreePBX

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • N

    NAT, Different WANs for different subnets.

    3
    0 Votes
    3 Posts
    774 Views
    DerelictD
    The problem is with my LAN. I cannot seem to be able to get to the internet at all. I've tried adding a rule under Rules->Lan, which is: Action: Pass Interface:LAN TCP/IP Version:IPv4 Protocol:Any Source Type:Network Source Address:192.168.1.0/24 Destination:WAN2 Address Try: The problem is with my LAN. I cannot seem to be able to get to the internet at all. I've tried adding a rule under Rules->Lan, which is: Action: Pass Interface:LAN TCP/IP Version:IPv4 Protocol:Any Source Type:Network Source Address:LAN network Destination:any In advanced, set the gateway to WAN2
  • J

    Problem with port forwading via proxy

    2
    0 Votes
    2 Posts
    768 Views
    J
    Someone help me, please… I cannot NAT if machine local use proxy server (port 80)
  • S

    Route/nat a specific subnet

    3
    0 Votes
    3 Posts
    867 Views
    S
    Thanks much it's working great!!!!
  • R

    Port Forward seems not working. Displays Pfsense login screen

    9
    0 Votes
    9 Posts
    2k Views
    johnpozJ
    are you using chrome mobile to check it - unless you turn if off it uses a proxy.  You would want to turn that off.. As to pfsense listening on 80 and doing a port forward to something behind it listening on 80 - this is not an issue.  I just tested this and click click I was able to access server behind pfsense on 80 without issue. Was your phone on wifi or just cell access?  With wifi it most likely used that over cell data and now your doing a loopback because your coming from pfsense lan side.
  • S

    Email server rules configuration

    4
    0 Votes
    4 Posts
    1k Views
    chpalmerC
    I use Hmail and have a similar setup.  I do not have the same issue you do so I wonder if you have a config issue on the actual email server itself. You don't have your email server "bound" to its own IP do you? Im trying to think of any other config setting….
  • A

    FIREWALL::RULES

    2
    0 Votes
    2 Posts
    751 Views
    V
    You have to set up an additional gateway for the second ISP under System > Routing > Gateways. Then create a pass rule on LAN interface, at Source enter your specific internal IP, go down to Gateway under Advanced features and set the gateway for this ISP there. Keep in mind, that the rules are handled in the order they are shown at the rule tab. So maybe its necessary to put it to the upper position. If you also want to have a specific public source IP for requests handled by this rule you have to configure an outbound NAT rule in addition.
  • L

    Basic out-going NAT isn't working

    30
    0 Votes
    30 Posts
    5k Views
    R
    At the moment i have no failover WAN , only one gateway rule for a separate proxy that goes over VPN (HideMyAss). I must first take my Voipserver running before I plug in my second WAN into pfsense
  • denningsrogueD

    Disabling Port Forward

    29
    0 Votes
    29 Posts
    5k Views
    denningsrogueD
    With the great help of johnpoz I finally got port 22 closed.  I had to delete my ssh forward and rule and then reboot.  Thanks again John.
  • P

    Nating Over VLAN trunk?

    5
    0 Votes
    5 Posts
    1k Views
    P
    @mikeisfly: How did you do that? (diagram) 3ds Max http://www.autodesk.com/products/3ds-max/free-trial The software is pretty in depth but I've been working with it for a little over a year getting pretty good with it, its really fun once you get the hang of everything. That was just something i threw together in about 10 min. Here's something that took a little longer [image: 2vaze9y.jpg]
  • R

    Port Forwarding with an IP subnet incorrectly translates incoming connection?

    5
    0 Votes
    5 Posts
    970 Views
    C
    You have to add VIPs one by one, unless you're adding a proxy ARP range (which generally isn't the best option, since you generally have something else on the subnet like the ISP router that you can't answer ARP on).
  • E

    Need assistance getting port forwarding working correctly

    18
    0 Votes
    18 Posts
    4k Views
    johnpozJ
    So they were not connecting to 5000-5002? Clearly you sent back closed to those ports..  I should of sniffed when I did the probe - but normally closed means a RST came back.  Which seems unlikely if was actually listening on that port, etc.  Unless there is something on that device (firewall) that only allows specific source IP?  Or source Ports? Glad you got it sorted - it is like 99.9999% time something stupid like using wrong port, wrong IP or double nat, isp blocking when troubleshooting port forwarding issues..  To be honest port forwarding in pfsense is click click your done and working.
  • M

    NAT not working correctly?

    20
    0 Votes
    20 Posts
    5k Views
    A
    I did get UDP reflection to work on 2.2 beta.  I had to use Pure NAT reflection mode and make sure 'Enable automatic outbound NAT for Reflection' in the 'Advanced->Firewall and Nat' settings page.
  • B

    TFTP server behind pfsense can't talk to clients over OpenVPN

    6
    0 Votes
    6 Posts
    3k Views
    B
    I gave up on TFTP and switched to HTTP for provisioning and everything seems happy now. I'm fairly green to networking and always looking to learn more. Can you recommend some resources? During this entire process I felt like I was missing the knowledge on how to debug the problem. What's the best way to do packet capture on linux? Thank you for your help.
  • K

    NAT Reflection in 2.1 release… Seems to be working 100% now.

    3
    0 Votes
    3 Posts
    2k Views
    K
    Blast from the past…. No - I have not.  I'm not in a good position to run Beta releases in production. I think for sure others have.  Perhaps they will reply.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.