• CanYouSeeMe reports errors for my port forward, can't figure out why.

    0 Votes
    27 Posts
    7k Views
    It's both TCP and UDP. After reading that link, I restarted the server, which fixed the problem; it's now responsive on port 49998. And I changed the TIME_WAIT delay in regedit to 100 secs over the default 240 secs. Hopefully that will permanently fix it. But at least I've found out that this is probably a 2012 server problem, so I got that going for me.
  • NAT Port forward wrong source address

    Locked
    0 Votes
    29 Posts
    3k Views
    Thankfully I've found a solution specific to this set of services. Thanks for the help! I'm locking this now.
  • NAT address pool options

    0 Votes
    2 Posts
    717 Views
    jimp
    It depends on what you are using for the pool and the options picked in the GUI. If you used a host alias with a few IP addresses inside, then all it can do is round-robin NAT that. So one time it gets address x.x.x.a, then x.x.x.b, then x.x.x.c and so on for each new state created from that NAT rule. If you used an entire subnet definition and you choose "random" then it would do what it says and pull an address randomly from the subnet.
  • HTTPS port forwarding not working

    0 Votes
    2 Posts
    424 Views
    jimp
    There is nothing special about forwarding that port compared to any others. What part is "not working"? How are you testing it? Where are you testing it from (client on WAN or on LAN)? Run through all the suggestions and tests at https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
  • Firewall blocks NAT traffic for specific source address

    0 Votes
    1 Posts
    395 Views
    No one has replied
  • NAT part of subnet

    0 Votes
    7 Posts
    837 Views
    Derelict
    Round robin in that case. Tell him that is fine. It will appear random. Stop overthinking and micro-managing.
  • VOIP suddenly disconnected

    0 Votes
    3 Posts
    594 Views
    Can anyone answer my questions, please? I've already followed the articles at the following links: https://doc.pfsense.org/index.php/VoIP_Configuration https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-to https://forum.pfsense.org/index.php?topic=108318.0 but still no luck. 172.16.0.x is my PFsense box for headoffice, 172.16.1.x is my PFSense box for remote site. 172.16.0.2 is my VOIP/Elastix. All IP phones in 172.16.0.x are working well, but in 172.168.1.x all IP phones are not connected. It was working before.
  • Avoiding Double NAT, routing only firewall

    0 Votes
    11 Posts
    6k Views
    Regarding opnsense, I'm only using the documentation for the transparent bridge as a bit of a primer to get me started with pfsense! When I was testing the transparent firewall, I had it placed between the USG and the switch. All downstream PCs picked up DHCP and saw the USG as the gateway, but I couldn't get the pfsense box to connect to the internet. I tried adding static routes for the bridge interface and even added a separate USB NIC as a management interface, but it too couldn't connect to the internet. I have a feeling it may be because I turned off NAT when I was creating the bridge. Do you think I just needed to add a NAT rule? Thanks so much by the way, the more I'm reading, the more I'm learning.
  • Port forwarding to open dns

    0 Votes
    3 Posts
    870 Views
    jahonix
    You cannot forward a single port (53) to more than one destination. Use pfSense DNS Forwarder (or DNS Resolver in forwarding mode) and have it query the OpenDNS servers. This is not a NAT issue.
  • NAT for LAN IP has stopped working (External Access)

    0 Votes
    1 Posts
    363 Views
    No one has replied
  • Multiple identical LANs

    0 Votes
    8 Posts
    1k Views
    johnpoz
    "If every computer and PLC has different ip address we have to configure them every single time individually." Nonsense… I have been in countless classes, be it with real hardware and/or VMs, where yeah, the machines are re-imaged between classes or even on the fly if a student messes up. They sure didn't use the same IPs. Students were given their specific IPs to use before class, etc. This is the whole point of DHCP, where you could hand out specific IPs to the devices as they boot up, etc. If you want your PLCs to be on a specific IP and they cannot be DHCP, you could always just put them on a host-only network where each host has its own network that is 192.168.x/? with a 2nd NIC; that way these interfaces could be 192.168.1.1 for PC and .2 for the PLC, etc. 32 VM copies of pfSense? On what, each machine?? That just seems nuts!! How about you give us some more details of the hardware you're working with, etc. And we figure out a better way to do it other than 32 VMs running pfSense just so you can put a NAT behind them all using 192.168.x
  • DynDNS locally

    0 Votes
    2 Posts
    501 Views
    JKnott
    If all you're doing is providing local host names, you don't need DynDNS.  pfSense has 2 built in DNS servers.  Just configure your local names there.  You can even have DHCP pass the names to the DNS server.
  • NAT reflection from host with forwarded port

    0 Votes
    2 Posts
    418 Views
    Weird… it just started working. I turned on NAT reflection but initially (as I described) it did not work from the host machine that the port was getting redirected to. Now it does.
  • IPsec NAT/BINAT not working

    0 Votes
    5 Posts
    5k Views
    Ok, it is working now! My initial config was correct, but an old bug from pfSense (2015) got in my way: https://redmine.pfsense.org/issues/5319 Charon didn't restart correctly and I had to kill it manually. After that, it reloaded the config correctly and it is working now. So the problem was that Charon didn't restart / reload the config :/ Thanks for your help anyway
  • ACCESS FTP Server on LAN from DMZ

    0 Votes
    12 Posts
    2k Views
    They are running SunOS 4.1.4 - they use rlogin still  :'( LOL, I virtualized one of them just out of concern of the age. We are terrified when we have to reboot them! -Mike
  • NAT IPSEC

    0 Votes
    1 Posts
    431 Views
    No one has replied
  • Make PFSense reach internet using private /30 subnet

    0 Votes
    8 Posts
    1k Views
    @Derelict: In order for your WAN to be able to access the internet either they will have to NAT for the private address you are using on your WAN (which is what they probably should be doing, absent what they REALLY should be doing - giving you real, routable IP addresses for your WAN interface). You might be able to add an IP alias VIP from the /29 on your WAN interface and tell pfSense to outbound NAT certain traffic from the firewall outbound using that VIP. You will need to NAT at least DNS, HTTP, and HTTPS for package manager and updates to work I think. It's a kludge but so is the configuration they gave you. Perfect. I was able to download openbgpd with a config like the one that you referred.
  • Nat port with dynamic source

    0 Votes
    2 Posts
    521 Views
    I think you need to rewrite this post with more detail? But from what you have above, could you not just have an alias with a group of internal webserver addresses or a designated subnet (assuming only one internal address will be using the NAT rules at any given time)?
  • Problem with NAT

    0 Votes
    4 Posts
    657 Views
    johnpoz
    Your pfSense WAN is a private IP, i.e. it's not public. So there is something in front of it doing NAT. Your other router or ISP device is changing your public IP to this private (rfc1918 address) "Wan - 192.168.1.67 (DHCP) - i get this ip from my router " So you need to make sure you forward whatever it is you want to forward on that device to pfSense WAN IP. Since you will be sending traffic to rfc1918 (your pfSense WAN) you will need to make sure you uncheck the block rfc1918 on WAN.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.