• NAT help with SRCDS

    I'll focus on the second case for now, since it's easier to explain.
    It's definitely some issue on the pfSense box, whether it be a bug or config problem. I'll try to clarify a bit:

    Basically, I have a machine (A) on the LAN making a request to another machine (B) on the LAN using an external IP that has NAT reflection enabled. When the UDP packet goes out on A, it hits the router (R), which from what I can tell, copies the packet and sends to machine B with R as the source. Machine B then correctly replies to the packet back to R, but then it seems to be dropped and never gets forwarded back to A.

    The packet capture from before shows exactly that. I've confirmed the same results using Wireshark on both machines (essentially tcpdump on Windows).

    Edit: I should also add that I can't use the split DNS option. Since this uses the Steam service, they refer to all servers by IP afaik.

  • Client machine is not using pfSense as its default gateway

    @timb:

    I am currently testing pfSense and ran into an issue with a simple http port forwarding rule. I followed the Port Forwarding Troubleshooting guide and found that the problem was related to common issue 3 - "Client machine is not using pfSense as its default gateway".

    I was wondering if someone could explain this limitation. Also, is there a workaround?

    It's basic networking - if the reply traffic isn't going to go back to the firewall, as it won't in such a scenario, it can't send it back to the Internet. ISA is a reverse proxy in that scenario, the traffic is sourced from ISA, not the remote public IP.

    Efonne's workaround would suffice but is ugly; better not to NAT like that where you can avoid it. A better deployment with ISA in most cases is to not use it as the default gateway but just as a proxy/reverse proxy.

  • VIP Port Forward or 1:1 not working

    No one has replied
  • "Disable NAT Reflection" versus "smtp 550 5.7.1 Unable to relay" - SOLVED

    Thanks Efonne!  That's the great thing about open source projects, the product can get continuously improved based off of community feedback.

  • NAT Reflection Port - Help

    Isn't the issue that the web server is looking at the host address in the html header, not the IP transmission info?

    In reality, the request could appear to be destined for any IP address but the destination address typed in the browser must be http://98.169.xxx.xxx
    In the same way you use host header info to host multiple websites on one server.

    If the web server were configured to look for a host name rather than an IP address you could use Split DNS. If the webserver cannot be configured to do this you must either use NAT reflection or possibly some sort of HTML proxy to rewrite the HTML header?

  • Can't connect the internet using opt1 (Solved)

    cool.

  • Polycom V500 not receiving video behind pfsense NAT

    Hi michaelahess and to all pfsense users who are encountering problems with polycom V500 and their equipment in general with NAT.

    After researching on the internet for solutions to the problem with my device above, I stumbled upon a posting about proxy ARP. This solved it generally, but I also had the following settings:

    1. created a virtual ip with proxy arp for the WAN IP of the NAT router
    2. created the port forward rules for the V500 TCP and UDP ports and the TCP port from 17xx something to the internal polycom v500 machine IP

    I do hope this will help others who have this problem. I've been trying to fix this problem for the past 2 years and now I finally nailed it. I have promised myself also to give back to the community what I have learned as a pfsense user/admin with 3+ years experience in using pfsense as a router with various services enabled for our campus network.

  • Xbox Live and Cone/Symmetric NAT

    If you can make the client machine use a fixed source port for outgoing connections, you can then write an advanced outbound NAT rule for that client machine that matches the client IP and source port with the static port option turned on. If the source port cannot be controlled then I don't think pf can do "cone" NAT as described.

  • DMZ -> NAT Portforward -> LAN does not work !?

    Couldn't hurt.

  • Port Forwarding is not working

    Double check the Windows firewall. Try turning off the Windows firewall to make sure.

    Then, reboot the firewall state.

  • Configuring Transparent Mode

    Hi, sorry I didn't get back to you sooner. I was not able to reproduce the error to run a packet capture - I'll make sure to capture it if it ever happens again.

    Thank you again for all your help!

  • Outbound PPTP not working

    Even if I turn off the PPTP server, I still can't get it to connect. It's going in and out.

  • Can't access VIP from inside LAN

    Hmm ok, all I did was enable NAT reflection in advanced settings and it seems to be working now :)

    However no new rules have appeared in the "Outbound NAT" section, or anywhere for that matter - is this normal?

  • Teamspeak 3 Server Port Forwarding

    GruensFroeschli:

    Like this:
    http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

  • NATTing can't be this hard

    Fixed it myself, maybe.
    Standard 1:1 natting worked, EXCEPT for VOIP.

    tcpdump shows packets going out the right IP, static and all, but the PACKETS (SIP info) contained the wrong 'reply-address' (contained the public IP for the WAN).

    I deleted the 1:1 natting for the VOIP, and entered a manual inbound (portmap) and outbound rule, set them for 'static' and moved the outbound rule above the default manual natting rule.

    Don't know who or what was messing with the SIP packets, but the packets themselves were being rewritten.

    (that and I might have gotten it right, but was missing a firewall rule. :-(

    Great product, lots of features, but NATTING could use its own book.

  • L2TP\IPSPEC with preshared key passthrough

    It works now... it's not 1.2.3

    Do this on the server and client and you should be fine... it just took some time to take effect
    and I forgot to do it on the client computer also
    http://support.microsoft.com/kb/926179

  • 1:1 Nat setup - 1 Public directly to 1 Private - Help please?

    jimp:

    You can't do 1:1 NAT if you only have one WAN IP. It doesn't work that way.

    You just need to forward the appropriate ports to the unit, and perhaps set a manual outbound NAT rule to match its IP outgoing and select 'static port' on that NAT rule.

  • [SOLVED] Port Forwarding IP Camera

    Just disabled the whole Outbound NAT.

    You are right. A simple Firewall State Reset was all that was needed.

    Thanks.

  • Network Drives

    Puzzled here. If you did a default pfSense install, then anything going to the school network should be NAT'ed to their network and should work. Reading between the lines, it sounds like you disabled NAT or something (not sure what else would 'disable protection of the internal LAN'). If this is the case, likely the issue is that their hosts don't know how to reach your 192.168.1.0/24 subnet. You either need to have them route that subnet to you (in which case you want a static WAN IP), or just use DHCP & NAT. Am I missing something here? Is there a specific reason random hosts on the school network need to be able to connect to your private LAN?

  • Static Ports, Hamachi and specific ports

    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.