• Multiple NAT

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    GruensFroeschliG

    ~~Create two rules:
    1: allow, source 123.123.123.123:any, destination 10.10.10.10:80
    2: allow, source 111.111.111.111:any, destination 10.10.10.10:80

    Of course you have to delete the autocreated firewall rules. Otherwise anyone will be allowed.
    For the source you could also create an alias containing all the sources you want to allow and then use this alias as source.~~

    Edit: I see now what you mean.
    I don't think this is possible with the GUI.
    But why would you want something like that?

  • Outbound NAT stops mapping correctly

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    GruensFroeschliG

    You could stop using 1:1 NAT.
    Simply forward normally the ports you need and create your own advanced outbound rules for your server.

  • FTP help for a newb

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    E

    Basically, it really is as easy as "Option 1", in the top sticky.

    Set up the "helper" on the WAN interface.

    Forward FTP using NAT rules, to 192.168.0.200.

    Done.

    If that doesn't work, what do you see from the FTP client perspective, on your FTP server, and in the pfSense logs?

    Cheers.

  • Newbie using NAT Please Help me..

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    F

    I already got it. Now it is working. The problem is I didn't enable NAT Reflection under the Advanced settings. Hahaha! Really simple thing, but I learned something.

  • Reflection? / Port Forwarding to keep traffic inside office?

    Locked
    18
    0 Votes
    18 Posts
    6k Views
    E

    If you had another network interface, you could connect the server to this other interface and use your port forward rule and it would not apply to the server's outbound connections.

    Hmm, thinking about it, there are multiple things that aren't available for port forwards but are available elsewhere that could be useful.  Options like source address or schedules could be potential solutions in this scenario if they could be used on port forwards.  It seems like the available options may have been decided mainly based on how it would be used on the WAN interface, though.  It probably is very uncommon to be forwarding to a different internal address based on the source address from the internet.  As far as schedules, the firewall rule can block connections that would go to the port forward on WAN during the scheduled period, so it probably wasn't considered that people might want to have schedules for the port forward rules themselves.

  • SIP behind NAT in PFSENSE 1.2.3 RC1

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    M

    Yes, I do have one FW at home, the other one at work, and both are pfSense 1.2.3 RC1.
    At work, Asterisk is behind pfSense. Port 5060 is NATed and FW rules are set as shown in the pictures.

    Asterisk has SIP_NAT.CONF configured correctly to show the external IP on the outside.

    Phone is Aastra 57i and uses port 5060 as the extension on Asterisk - 5060. Why can't that line register with Asterisk?

    Aastra 57i ----- pfSense ----- WAN ----- pfSense ----- Asterisk

    SIP can be NATed at most twice, and so it is. It should work..... it should..... but it does not. If you can provide one working example that I can compare against to check WHY and WHAT is wrong with my configuration, that would be great.

    MST

    pfhome_fw_rules.JPG
    pfhome_nat_in.JPG
    pfhome_nat_outbound.JPG
    pfwork_fw_rules.JPG
    pfwork_nat_in.JPG
    pfwork_nat_outbound.JPG

  • Can i restrict the number of ports for NAPT configuration

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    B

    Firewall > Rules > LAN > add new rule
    Set the action to Pass
    Set the Protocol to TCP/UDP

    Click Advanced Options
    Set the Simultaneous client connection limit to 100 and click save.

    Then create a new firewall rule after that one to block all of the traffic. This is because once the connections are maxed out for that rule, the traffic continues through the firewall rules.

  • One way audio from internal external is fine

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    E

    I got this working by adding an extra line of localnet in sip_nat.conf

    Mine now looks like this:

    nat=yes
    externip=xx.xx.xx.xx                 ; my static IP
    localnet=10.0.0.0/255.255.255.0      ; subnet of the Asterisk server
    localnet=10.10.10.0/255.255.255.0    ; subnet of the LAN where the SIP phones are

  • NAT 1:1 bimap dmz ip to public ip

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    A

    Hi Jimp,

    Thanks again. After verifying that the gateway being used was indeed the firewall and then deleting and creating CARP IPs, everything works now for sure. The only problem now is that we used to have a mail server that would receive and send mail back out; however, it does not work. I think that's a topic for a different thread, though, so once again, thanks much.

  • Carrier Based SIP with Multiple Phones

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    K

    siproxd does not work either.  I am beginning to think it may have something to do with TFTP, after taking a closer look at the phone config.

    What baffles me most is that these phones work with out of the box installs of m0n0wall, and any consumer router I have tried from Belkin, Linksys, Netgear….

    What is the fundamental difference?

    Is anyone using pfSense with Spirit Telecom's products?
    http://www.spirittelecom.com/voice_sipflex.php

  • Need iChat to work without NAT

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    GruensFroeschliG

    With NAT off, you are not doing NAT and thus don't need the "static ports" option.
    Without NAT, pfSense is not rewriting the ports.
    Did you make sure you have appropriate firewall rules in place?

  • MOVED: Redirect www traffic to other IP for clients from snort2c table

    Locked
    1
    0 Votes
    1 Posts
    988 Views
    No one has replied
  • Public LAN, Public WAN nat Problem

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    D

    Try rebooting. I know it isn't Windows, but still…

  • Port Forwarding not working on a SDSL line from some sources

    Locked
    11
    0 Votes
    11 Posts
    5k Views
    B

    Thanks for your help!

    The problem seems to be solved after I applied the hint from Perry. The SDSL line is a SIS NIC, but then the internal net to the webservers is a Realtek 1GE NIC and it seems it has exactly the checksum problems. After disabling Checksum Offloading it seems to work fine.
    I suppose there is an incompatibility between Cisco routers and Realtek NICs, because I have figured out there are Cisco routers at the endpoint from the customers.

    Thanks a lot!

    @danswartz
    I saw a lot of the rules.

    pass in quick on sis0 reply-to (sis0 141.16.150.XX) inet proto tcp from any to 192.168.10.250 port = http flags S/SA keep state (source-track rule, max-src-states 10000, max-src-nodes 100) label "USER_RULE: NAT http Website"

    Yes the ADSL is the default gateway. I think today I will switch it to the SDSL line, because I have another problem binding openVPN to the SDSL interface. (I'll start another thread soon :-))

  • DNS issue?

    Locked
    12
    0 Votes
    12 Posts
    4k Views
    J

    Well, what to say, they were for eastern Europe  ;D

    So that means that I fucked up using 100.0.0.0/8 ???
    Then please accept my apology.

    The point was to use an address pool that no one uses ….

    But I'm playing a little bit now with no-name/some cheap routers with a 4-port LAN switch and one WAN interface (PPPoE routers), and with NAT turned off they can route 100.0.0.0/8 :bag:

    I don't have to say that I'm on PFS from version 1.0, and so far I can only say that PFS can get only 5+ from me!

    BTW, it is off topic, but what is the minimum hardware req for 6x PCI NIC 1GBPS?
    I found this:
    http://www.pfsense.org/index.php?option=com_content&task=view&id=52&Itemid=49

    3ghz+?
    I think I didn't get it right...

    And, Gruens, Sir, thanks!

  • Using Public IPs and NAT

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    C

    got it..
    might try to play with it, but will probably have to update all my rules and be on location in case something goes wrong

  • How to make outbound NAT to be send using static ports?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    B

    Please use the search function. This has been covered many, many times.

  • Public IP on DMZ?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    K

    OK, so far I managed to ping from LAN to DMZ and to WAN.
    Apparently, when I assign 3 VIPs to the DMZ interface, ifconfig only shows the last VIP, not 4 (it should be the original DMZ IP and 3 VIPs). Reassigning the DMZ IP works (but only 1 VIP).
    I still can't ping DMZ and Inet from another network connected through the LAN network.

  • NAT is not forwarding ports properly from external IPs to internal IPs

    Locked
    4
    0 Votes
    4 Posts
    1k Views
    B

    Do you have a NAT network behind your pfSense? Is your surf computer in a translated network? Can you draw a little network diagram?

  • Wan and wan2 help

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    X

    So you want the Xbox to use the 3rd connection for Internet but still access other videos on other LAN(s)?

    The easiest would be to have it on its own network (due to the 2 WANs load balancing), and let it access only the WAN3 and the LAN. This only works if you can add another inf to pf. There's another way but it's harder.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.