Thanks for you update. I have implemented it by using proxy Linux instance which is doing port forwarding.

Hi i've got the same problem, i can NAT my OpenVPN Client with a PfSense virtual IP only with my Local LAN, it doesn't work over remote Ipsec Network. I've got 20 Ipsec VPN tunnel and i can't create addition Phase2 on all tunnel. Bye Gabriele

Thanks, after some testing it turns out my $30 access point is a pos.. Thanks for quick reply!

Thank you, I presumed as much but wanted to make sure.

Well.. that's good to know! There have been a few come by with Fritzbox issues that I wonder if this wasn't their issue.. Glad ya got it working.

Found a manual (meaning outside of standard config / package) and hacky workaround, would love to hear of any improvement over that :) Create a user in pfsense's User Manager, enable SSH access for that user with a password-less SSH key login (I'm aware it's risky, extra precautions below). Create a script in the home user dir, show_wan_ip.sh, containing: #!/bin/sh ifconfig mvneta0.4090 | sed -n '/.inet /{s///;s/ .*//;p;}' Edit ~user/.ssh/authorized_keys and add the following before the key: command="/home/user/show_wan_ip.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty This can be executed from the (less trusted) PC that connects to it over LAN: ssh user@10.100.1.1 "/home/user/show_wan_ip.sh" 192.168.1.10

I do have it set up with a second Phase 2. I just thought there could be a better way to achieve the same result without having to go through each of the sites and adding a P2.

Thanks viragomann, How good it is to have an external view. It was the captive portal blocking outbound Thank you very much

@NKOADMIN said in dose pfsense have soft NAT: @NKOADMIN After read the Netgate Docs I think I need to configure the Routing Public IP Addresses instead of NAT. I will give it a try, will post result here. Yes, Routing Public IP Addresses resolve my issue. now we got the correct result in Mxtoolbox Thanks everyone

@Gertjan said in PORT FORWARD NOT WORKING IN AZURE CLOUD SINGLE NIC PFSENSE FIREWEALL: port 22,80 and 443 port 22,80 and 443 not working, bcz I'm Only forwarded port 3389 for testing.

You are 100% correct sir! That was the problem indeed, thanks for pointing that out!

DNS rebinding and protection for it is something else: https://en.wikipedia.org/wiki/DNS_rebinding It sounds to me like you'll need to get your PC resolving the hostname to the LAN IP of the web server. (or the WAN of the pfSense, but you might as well just use the internal IP at that point)

@viragomann I think that's what NAT is on pf, DNAT is rdr (change destination ip and keep source). If I create an outbound rule, the resulting pf rule in /tmp/rules.debug is: nat on $LAN inet proto tcp from LAN_NET/16 to LAN_IP/32 port 22 -> WAN_IP/32 port 1024:65535 Which doesn't work. Interestingly, if I change the mask of the translation address to WAN_IP/24, it works, but the last octet of the public ip will be wrong (it will round robin over that /24 net). It also works if I set the translation IP to any other IP in the WAN_NET except the actual WAN_IP.