This can occur if the overall table entries exceeds the configured maximum table entries. pfBlocker uses some huge tables, so it will be required to increase this value. You can do this in System: Advanced: Firewall and NAT.

Glad to hear that I was of some help :)

I went through something very similar recently. It was regular NAT, not 1:1 NAT, but the same principle. My internal users couldn't access our email server or web server using the public server names.  I too ended up using Split DNS just as KOM describes it. While I would like to know why NAT Reflection didn't work for me, I am very happy I went with the Split DNS setup. In fact, it took less time to convert to Split DNS using BIND than I spent on messing around with NAT Reflection.

What do you have in your port forward list?

http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.networking.doc%2FGUID-A9287D46-FDE0-4D64-9348-3905FEAC7FAE.html

Hi, mattb253, you've mentioned you're quite good in asterisk. I'm new to asterisk and have an issue, I wonder whether I can run it by you and see whether you can help. Regards, Aldulaimi

In general, you need to enable NAT reflection to access internal serves through the firewall's external interface, or run split DNS (you run an internal DNS server that resolves everything to local LAN addresses). As for Minecraft, if you can't seem to figure out what's going then do a packet capture when trying to connect and see what gets blocked.  I also run a Minecraft server but I do it via Linode.

Workstation on LAN accesses Webserver on VLAN by way of domain.com, dns call goes out to determine IP of domain.com = 24.111.111.111. Server should think request is from IP 24.111.111.110 (pub IP of LAN). Perhaps this should be accomplished with a static route?

no body?  :-[

I am finally able to call in both directions,  :), the final problem was the STUN which is needed in my case; without STUN the phone registers with its private IP. Unfortunately the forward is not working as yet. I'm not sure if I should open a new thread for that or not. Here is the description: Cisco phone is configured to forward all calls to a cell phone calling the Cisco phone redirects to the cell phone, but it's either   - not ringing, instead I get the "switched off behaviour", which is voice-mail in this case   -  ringing once, then goes to voice-mail. If voice-mail is not activated, the message is the "The phone.. is currently switched off". My ISP says the call get redirected correctly to the cell number.

You also need a firewall rule on your WAN port allowing that traffic to traverse from outside in.  Do you have that? If you do have the rule turn logging on for that rule then check the firewall logs to see if the connection shows there.

Sometimes topic owners edits the subject (or a moderator does it), and adds [Solved] to the beginning, but I don't think it's a written rule that says you must do so.

4.5 edit manual outbound nat rules setting both LAN3 rules to "NAT Address" of ippublic2.

I also have some more questions that I'm hoping someone can help with (in particular i'm interested in UDP behaviour, but if you know of TCP based behaviour and any differences with UDP, that would be much appreciated!): 1. What is the behaviour of the NAT timer resets? (i.e. are timers reset only by outbound packets using a specific NAT binding or, only by inbound packets, or packets in either direction?) 2. Would I be correct in saying that by default, pfSense implements Symmetric NAT? 3. If yes to question 2, can it be changed to a restricted, port restricted or full cone variant of NAT? 4. If not, does it use a port restricted NAT? (From it's behaviour, I'm guessing it does not implement restricted or full cone NAT) 5. Does the NAT used in pfSense attempt to preserve the local host port during the binding process, if so, how rigorously? (i.e. does only the most recent request from of two local hosts on the same port bound, or does it produce separate bindings for each host?) 6. Is the NAT behaviour the same for all bindings (i.e. primary, secondary and tertiary bindings)?

ok its a certificate issue, i had to spoof the old wan's mac address onto the new wan interface card

Hate to talk to myself, but I just realized this could be potentially moved to the gaming forum. It also sounds like they have the solution over there.  Apparently the default pfSense behavior of "dynamic port" outbound NAT causes the problem.  UPnP still needs to be enabled, but it isn't the magic bullet that it was with the 360; the static port NAT option has to be turned on for the XBone. https://doc.pfsense.org/index.php/Static_Port Why the XBox One has problems with this and the XB360 does not, I have no idea (or maybe the 360 does, but the NAT tests it performs are just less thorough). I'm probably going to enable it for all of my Xboxen just to be thorough.  :)