• NAT problem on OPT-WAN

    Locked
    16
    0 Votes
    16 Posts
    6k Views
    S

    I thought about this, but I'm not sure wether it'll work. But since the firewall part also works with bridging, I see no reason why it wouldn't work. Apart from it being theoretically possible, why would you want to perform NAT on public IP's?

  • At a loss … IAX2 through pfSense

    Locked
    7
    0 Votes
    7 Posts
    5k Views
    B

    Hey you didn't waste my time. I appreciate the help!

  • Active Ftp Client on LAN

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    jimpJ

    @cvantassle:

    I have an ftp client that is on my lan. I have to connect to a remote ftp-server that only will accept active ftp transfer. I was wondering if there was a way I could setup PFSense to operate a transparent Active FTP proxy?

    The FTP helper is an FTP proxy. If you have the FTP helper enabled on LAN, it should work.

    You can do a packet capture on WAN and LAN to see if the port is being translated correctly, and check the output pf ps from the console to see if pftpx is running.

  • Nat & ssh problem

    Locked
    40
    0 Votes
    40 Posts
    21k Views
    T

    Hi @ll

    I was able to reproduce this too meanwhile. I agree that both features should be working
    at the same time as the CP is a really brilliant feature
    Does anybody know if the developers are working on this ?

    cheers thafener

  • SNAT (or sth similar)

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    D

    Sorry, but this is a little too vague and confusingly worded.  Can you clarify?

  • Port Forwarding with Virtual IPs and multiple external static IPs

    Locked
    24
    0 Votes
    24 Posts
    29k Views
    O

    Sorry - I misspoke - you may need virtual IPs, if you're doing the equivalent of "1:1 NAT" on your modemrouter - and have multiple virtual IPs in that same private address space on your pfSense box WAN.

  • [solved] How to disable nat from lan to wan

    Locked
    5
    0 Votes
    5 Posts
    6k Views
    X

    Thank you, it works.

    Operations :
    Go to Firewall –> NAT --> Outbound

    Check Manual Outbound NAT rule generation (Advanced Outbound NAT (AON)) and Save

    A new line appears with LAN Subnet, click on the edit button and Check the first box to disable NAT :

    Enabling this option will disable NATing for the item and stop processing outgoing NAT rules.

    Click on Save and Apply Changes.

  • Full access to ftp server on WAN only works if no static assigned

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Accessing the GUI from the WAN port

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    L

    Ok, thanks.

    I did it through NAT, but this copies across to the firewall rules anyway.

    I have deleted the NAT entry which should have left the firewall rule?  I can no longer access the GUI remotely now, so can't alter anything else until I am back on site!  Whoops!

  • SOLVED: FTP server behind pfsense without helper

    Locked
    9
    0 Votes
    9 Posts
    9k Views
    S

    Problem solved. I didn't mention that the server running Filezilla is Win2003 DC with RRAS enabled. It seems that RRAS has some kind of FTP helper/filter too, and it must be playing with IP addresses. I tried a few different FTP softwares, and the result on this particular machine was the same.

    I didn't want to waste any more time on this, so I just moved FTP server to another machine without RRAS. No more problems, passive works as it should.

  • Should I use 1:1 NAT or no firewall for outside servers?

    Locked
    19
    0 Votes
    19 Posts
    8k Views
    S

    Here's what I have so far based on the advice you have all given:

    LAN is configured as vlan0 (192.168.0.1) (VLAN ID: 1)
    OPT1 is configured as vlan1 (192.168.1.1) (VLAN ID: 2)

    Server is assigned 192.168.1.2 and has 1:1 NAT to a public ip address.

    OPT1 Firewall rule:  DENY OPT1 -> LAN
    OPT1 Firewall rule:  ALLOW OPT1 -> any

    Does that sound right?  This allows my private LAN to connect to my server (using it's internal network address [192.168.1.2]), but denies connections from the server to my LAN.  I'm not sure how safe this is but seems like the correct method for what I want?

    (NOTE: I don't need to connect to my server using it's public ip address.  I only need to be able to connect to it from my LAN).

  • NAT timeout values?

    Locked
    3
    0 Votes
    3 Posts
    7k Views
    A

    OK, thanks jimp.  Will stay with conservative.

  • Can't open outsite cpanel

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    N

    cpanel outsite from LAN. i try to using bypase from firewall and i can't login just using normal router modem.

  • Creating another IP address to use in email

    Locked
    10
    0 Votes
    10 Posts
    5k Views
    T

    Thanks overrand,

    If I am going to setup 1:1 NAT do I have to remove the Port Forward that I was previously setup for this specific External IP ? Also how do I setup a firewall rules on 1:1 NAT?

  • Redirection doesn't work when using PPPoE on WAN Interface

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    E

    Actually, it sounds like cyanatide means that the web server cannot be accessed by the WAN IP from internal hosts.  The usual behavior for this would be that it would end up at the web server on the pfSense system rather than the web server the port forward would redirect to.  NAT reflection probably has not been enabled yet.

    cyanatide:  Do not enable NAT reflection without changing the external address field on your port forwards to something other than "any" or you will lose access to the web GUI on the pfSense box and to any external systems on those ports, as it will end up forwarding all connections on those ports to your web server (on 1.2.3 or earlier).

  • Portfowarding not working

    Locked
    28
    0 Votes
    28 Posts
    9k Views
    S

    i figured it out the qwest people told me the wrong ip range 67.40.148.249-253 its supposed to be 67.40.184.249-253 i noticed it when i was looking in the interfaces wan section lol. thanks for your help

  • HELP! Need to know Best/How-to give clients WAN IP's from ISP via pfsense

    Locked
    10
    0 Votes
    10 Posts
    6k Views
    I

    Thanks so Much guys! I appreciate it. I will take your advise and well appreciated for your opinions.

  • PPOE DSL Setup

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Port Forwarding FROM and TO internal hosts?

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    jimpJ

    It's a limitation in the underlying firewall software, but it's also considered a best practice to keep such a server in a separate trusted subnet away from untrusted clients.

  • SIP adapter behind pfSense - it works, but WHY??

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    F

    Hi Casey,

    Nope.  At first I did, until I did a Factory Default as mentioned in my original post, which reset everything, including wiping out siproxd.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.