Well why didn't you say that from the get go? The correct solution then is to just use pfsense as transparent firewall.

This seems to be a problem with browser sending wrong info.. There have been few posts like this as of late.. there is no MAC address anywhere in a port forward.. So your browser is sending bogus info that yeah messing with the form.. Clear your browser cache..

I asked about what the "security reason" was, but he could not tell me..:P And he instructed me to use port 8080 instead.. which is as much spammed as port 80 I guess.. They do not state in their website that any port is blocked by default or any thing about security for that matter.. I have put in a special request on opening port 80, we'll see how that goes.. As for my buddy, I don't really know, probably don't have the latest update is my guess.

i have now setup each servers interface with the wan-ip example Server1: IP: 85.245.122.50 Gateway: 85.245.122.49 I have configured a 1:1 NAT external IP 85.245.122.50 to internal IP 85.245.122.50 this works. Is this not the same like FULL NAT? when a computer from the local network 192.168.1.1/24 is going in the internet, the WAN-IP-Address should be always 85.245.122.54. how do I have to do this?

After installing 2.4, the rules seem to be working again.

Port forwarding works fine and has for years and years and years. It's you. It is not a bug. Really (really) check everything on the list here. Don't just look at it and say to yourself, "that does not apply." https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting Really check everything. Really. Really.

The pfSense web server listens on each IP assigned to any of its interfaces.

Dude you have a rule on your wan that is ANY ANY…  WTF dude??? Why?? You have a /16 on your wan?  Why?? Why does your vip have  /32 mask if your network is /16? Why does your wan not have any gateway?  If your wan has no gateway... is nat even on?  Post your outbound nat tab.  What IP are you trying to hit this VIP ip you created from? Why do you have Pure Nat selected for nat reflection.. Do you really want/need Nat reflection?  Are devices on the 192.168.1 network going to hit the WAN IP to get reflected back in to the 192.168.1 network via port forward? Where is this drawing I do not see it... But so far this just looks completely borked!

At first you have to add the fictive server address 192.168.0.1 to the pfSense LAN interface as an IP alias. Firewall > Virtual IP. Then add a port forwarding rule: interface: LAN Protocol: <set it="" to="" match="" your="" needs="">source: 192.168.0.100 Destination: 192.168.0.1 Destination port range: HTTPS Redirect target IP: 1.2.3.4 Redirect target port: HTTPS That should work for you.</set>

@selea: More threads about it - easier for people with the same problem to find :) Maybe you can change your head line: Clear browser cache resolved pre-filled fields…. eg Clearly there is no issue with 2.4.

Use WAN port on pfSense for SSH and forward it to the webserver.

@Derelict: Outbound NAT on the LAN interface will accomplish that. Firewall > NAT, Outbound - Switch to Hybrid outbound NAT Add a rule: Interface: LAN Source: 212.0.1.2/32 Destination: 192.168.0.10/32 NAT address: Interface address This is working flawlessly (the log also says so). Thank you for bringing me a better understanding of PFSense. (ofcourse the source, 212.0.1.2 is set on "any") There is another use case for this such setup. On my Windows Server (It could also have been CentOS, s specific NVR runs on Windows only), I have running a VPN Client (OpenVPN) towards a VPN service. Default Gateway is set to the VPN Service by OpenVPN (that is actually perfect). Having running services on the Server (NVR), it would not be accessible anymore from the Internet via PFSense without the Outbound NAT solution on the LAN interface. Because Local LAN traffic is never routed to a Default gateway, in this case the Gateway of the VPN service ;) What kind of traffic has to go over the VPN? That is up to you :) edit: for other readers, you still have to configure NAT by using the "Port Forward" method + adding the outbound configuration. edit: why not, a drawing [image: Drawing2.jpg_thumb] [image: Drawing2.jpg] [image: Drawing1.jpg] [image: Drawing1.jpg_thumb]

Quick. If you are going to blame pfSense describe the passive FTP process without google, etc or wikipedia.

@krackpot: @xelibri: Has anyone managed to make RB6 Siege's NAT to be rather moderate instead of strict? Ubisoft has update game's port documentation https://support.ubi.com/en-gb/Faqs/000023138/Connectivity-issues-in-Rainbow-6-Siege and even after opening all these ports (except 80 and 443) the game still says my NAT is strict. I've tried to hunt the actual prots by checking the logs but it rather uses a huge range of ports or I just couldn't find it propery. ps. I've tested with Windows' Firewall off and id had no effect what so ever. I have, it shows up as Moderate NAT now. Followed the instructions at the Gaming subforum Sticky Topic: "Problems with a game? TRY THIS FIRST" @ https://forum.pfsense.org/index.php?topic=6042.0. After changing, it went from Strict to Moderate. Not sure if it's needed, but I also kept UDP 6015 and TCP 14000 + 14008 Port Forward rules under Firewall > NAT. So I believe I implemented these changes correctly but I am still receiving the "Strict NAT" type in Rainbow Six Siege. The only thing that has given me open NAT so far is to Enable UPnP & NAT-PMP in services. I'm attaching a picture of the NAT rules as they are right now. Let me know if you have any ideas for solutions or need more info. [image: rainbowsixnat.PNG] [image: rainbowsixnat.PNG_thumb]

I'll try to explain it a bit better. Take a GRE tunnel for example, I have one connecting my home pfSense to my pfSense VPS in Maimi, FL. With that GRE, I can route my traffic from my server (Let's say video game server, like Half-Life 2) through it, changing the IP of the server that the players join. My question is how to NAT a game server to go through the VPN from the client to be displayed as the VPN Server's IP. I don't redirect gateway, since it's pretty much a dedicated VPN to route only server traffic through.

Yes you can install reverse proxy package on pfsense to provide that function, ie look at fqdn your trying to hit and send to specific IP behind pfsense.  The section Grimson linked too is prob the better place for such questions..