• NAT with multiple public IPs

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M

    This is primarily what I am doing too.

    The easiest and cleanest way to do this is to create an alias for the ports you want to accept for that system.

    PRT_SERVER
    21,80,110,443 etc etc

    Then create the firewall rule for the ports on the INTERNAL IP of your server.

  • NAT on bridged interface

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • [SOLVED] Interface which utilize TWO IP addresses

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    T

    I think I have described my question not as clearly as I should.
    What I wanted was to allow multiple subnets on one interface.

    Luckily I have found an answer here:
    http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf

  • Some packets are not translated

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    F

    Hi vatson!

    I've experienced the same that you describe:

    http://forum.pfsense.org/index.php/topic,19208.msg98830.html#msg98830

    Nobody (except you and me) has discovered this before?

    My release is 1.2.2 and the issue continues the same way.

    In my case, the interface is not the LAN one, but one of the OPTn.

    Regards: Paco.-

  • Hosted VOIP and pfSense

    Locked
    25
    0 Votes
    25 Posts
    17k Views
    R

    I could do that, but with 20 phones in 3 states this was much easier to do.

  • Problem with 2 IP's and Nat 1:1

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Problems accessing internal services externally

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    B

    Thx will check it out asap.

  • 3 NICS

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    E

    Thanks I got it working!

  • 1:1 NAT- Outbound Rules

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    D

    I have also been trying to figure this out.  I tried using 1:1 NAT mapping to map the external IP from my OPT1 interface to the server but outbound IP is still from my WAN.  I thought that outbound mapping might take care of it but haven't tried it yet.  I will want to do that in a test environment to see how it will affect outbound traffic otherwise.

    Let us know if you ever found a solution or hopefully this will bump the thread and get some more eyes on it.

  • Starcraft battle.net 2 plays on one LAN

    Locked
    17
    0 Votes
    17 Posts
    10k Views
    E

    The keep state rules do not take care of it because there may be no existing state to keep.  The reason this kind of translation works for Starcraft is that its version of Battle.net expects Starcraft to be listening on the same port as was used for the source port.  It then tells the other players that you are listening on that port number.  For Starcraft you can also change the source port number through the registry, but the router needs to be told not to change the source port when it translates the outbound packets.  In either case a port forward is needed, though.

    For Warcraft III, its version of Battle.net does not care about the source port.  It directly tells Battle.net what port it is listening on instead.  Because of this, it only requires a simple port forward with the external and local ports set the same and no special outbound configuration.

  • Nat in failover works only when the WAN1 is up

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    _

    Nobody has any suggestion?

    new test:
    WAN1 (PPPoE) off, try to telnet from outside to port 25 on WAN2 IP. The correct rule is triggered:
    The rule that triggered this action is:
    @94 pass in log quick on bge0 reply-to (bge0 10.10.10.1) inet proto tcp from any to 192.168.1.7 port=smtp flag S/SA keep state label "USER_RULE:NAT SMTP FROM WAN2"
    but the packet doesn't pass…
    Same test with WAN1 ON, the same rule is triggered and the packet correctly passes.

    Thanks

  • Port Forwarding not working whatsoever

    Locked
    15
    0 Votes
    15 Posts
    6k Views
    G

    @jimp:

    @greatmen:

    because two threads for 1 same issue with only a different title, isn't that kinda spam?

    No, because your problem is not the same as the original poster's. It may seem similar, but it's still a separate issue. It's considered hijacking someone else's thread.

    I'm sorry, it used to be like that in other forums… I'll leave this thread.

    good luck to the thread starter!

  • VPN Client Cannot Connect Through pfSense

    Locked
    32
    0 Votes
    32 Posts
    26k Views
    R

    Ok while adding the static port entry on both interfaces got it working, it only stays working for about 2-3 hours.  Then you have to reset the state table to get it to connect again.  Anyone have an idea why that is?  For obvious reasons, resetting the state table is not a viable workaround.

    Thanks,
    Roy

  • Client IP wrong on DMZ-Apache logfiles

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M

    No one with an idea?

  • 0 Votes
    9 Posts
    4k Views
    B

    NAT reflection doesn't seem to work here either, my NAT rules are also using aliases, have tried with IP addresses too but that didn't work either.

  • Port Forward Troubles *solved*

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    S

    Will give it a whirl when I get back to the office in a day on Saturday. Thanks.

    BTW, bought the book and I'm reading through it. So far so good :)

  • Special config for port frwds via CARP?

    Locked
    10
    0 Votes
    10 Posts
    4k Views
    N

    I think I've figured it out.  The problem was with an alias I'd created.  I didn't know that VNC is a built-in alias for port 5900, so I created one with the same name and port number.  The last time I switched over to the pfSense cluster, the VNC connection port forwards were the first and only things I tried; when those didn't work I assumed that no port forwards worked.  So today I selected VNC from the drop-down instead of typing the alias I created and packets were allowed through (to the firewall at least; I was testing this with a notebook on a fake WAN) where before they were being dropped by the Default Deny rule.  All apologies for my carelessness.

  • NAT Enable/Disable Checkbox

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ

    Why not simply enable or disable the firewall rules that allow traffic to the NAT entries?

    Or are you switching a single port between multiple internal systems?

  • PFsense and CS:S Dedicated Server Need help!

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    B

    My outbound NAT is set up like this atm, does it look correct?

  • Outbound IMAP/S from LAN dies

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    C

    You may want to create a firewall rule to explicitly allow connections to your imap server on port 993 and turn on logging. Watch the log to see if packets are going out after your connection attempt times out.

    You could also use Diagnostics: Packet Capture to find out what's actually transacting.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.