How about you pose all of those screenshots instead. @mars said in TCP doesn't work through 1:1 virtual IP: 1:1 Virtual IP to LAN IP 192.168.7.100 Outbond 192.168.7.0/24 * * * Virtual IP public * I do not know why you would do this. 1:1 means just that. 1:1. It looks like you are also trying to outbound NAT the whole /24 to the same VIP which should work fine. But I honestly do not know what would happen in that case. @mars said in TCP doesn't work through 1:1 virtual IP: WAN rules IPv4 TCP/UDP * * ->LAN Net * * This also makes little sense.. You should be passing traffic to 192.168.7.100, not LAN net.

Enabling NAT Reflection fixed my issue.

Thanks that did the trick on the shared frontend had to add that and on the redirect to HTTPS sections Thank you so much

I found the solution with this rules : [image: 1530282966945-fcfe0fcc-c0bd-4fef-8c62-7f79c5065c3c-immagine-resized.png]  Thanks ... Andrea

@johnpoz said in Port forward issue: @valnurat said in Port forward issue: I have been told that I can't do a port forwarding if I don't have a static IP. Is that true? Where exactly are you getting this nonsense?? In our community where I live.

Ok, i don't know what happened but i switched the WAN interface with another physical interface and it started working. At this point i thank you for helping me so much and i'll mark this thread as solved.

The only thing I want to do is access pfsense homepage remotely by using dynamic dns. Nothing else. Please tell me what specifics you mean

IS this a bug? Probably not. Countless people do the same thing. You'll probably have to give a more-specific example including screen shots, contents of the Alias/table (Diagnostics > Tables) before and after the new address addition, the port forward, firewall rule, etc.

NAT : https://www.netgate.com/docs/pfsense/nat/forwarding-ports-with-pfsense.html DNS : Start here https://www.netgate.com/docs/pfsense/dns/unbound-dns-resolver.html

You can for sure limit the source to your actual source out on the internet to get to this host your sending the nat too.. But if your putting in your actual wan IP, then as Derelict has stated - that is never going to work.

@napsterbater Thanks napsterbater. I was just trying to RDP/3389 as my first step to testing port forwarding on the pfsense router before adding any other ports but I didn't know that at&t was so sh***y to the point where they would block a passthrough/supposed DMZ'ed IP address to allow all items to that one address, but I should have known better. I wish another ISP was available in my location, i would leave them with the quickness. But to have to add port forwarding in my pfsense and then port forwarding in the Uverse gateway, is ludicrous and makes no sense for a DMZ'ed address. Thanks again fro the suggestion and I appreciate you alls time and help on this!

@shadowsong said in Force internal ip to connect to local service externally: I connect directly to IP:Port, so DNS is not possible. I never really understand such an answer - are you saying this IP and port are HARD CODED? That is borked! Or that you just have not setup a fqdn to resolve.. Do you not have access to the dns server your clients talk to?

take it that 100 is really a 10 and that just a typo ;) Glad you got it sorted

Well the sniff will prove it too them..

I started this but its long and got distracted with some other people trying to help. A Beloved Freenode user says, I JUST WENT THROUGH ALL THIS. Pfsense does not pass headers with NAT and you have to use haproxy to assist. The channel went ballistic on pfsense saying that is rather stupid and down right ridiculous pfsense does this and that NAT is layer 3 based and it should pass the packets unaltered. Guess im watching this whole video. :P

Solved! Since I'm a newbie to pfSense, I made a simple mistake. The 1:1 NAT was fine, but in my manual firewall rule I entered the public IP rather than the DMZ IP. Everything is working now include BINAT. Thanks for your help and patience!

In such a case you should be able to access the 192.168.1.x/24 IP from 192.168.3.x/24 because pfsense would nat your 192.168.3.x traffic to pfsense IP address in 192.168.1 If you do not nat this then yes you would run into a problem. You have to make sure you setup outbound nat on the 192.168.1 interface so that traffic coming from 192.168.3 is natted to the 192.168.1 address of pfsense in that network. You would also need to make sure your not forcing your lan traffic out your specific wan dhcp gateway (ie your public connection). You need to leave the gateway on your lan as default or put a policy route above it to use your 192.168.1 interface when wanting to go to 192.168.1