The pfSense web server listens on each IP assigned to any of its interfaces.

Dude you have a rule on your wan that is ANY ANY…  WTF dude???

Why??

You have a /16 on your wan?  Why??

Why does your vip have  /32 mask if your network is /16?

Why does your wan not have any gateway?  If your wan has no gateway... is nat even on?  Post your outbound nat tab.  What IP are you trying to hit this VIP ip you created from?

Why do you have Pure Nat selected for nat reflection.. Do you really want/need Nat reflection?  Are devices on the 192.168.1 network going to hit the WAN IP to get reflected back in to the 192.168.1 network via port forward?

Where is this drawing I do not see it... But so far this just looks completely borked!

At first you have to add the fictive server address 192.168.0.1 to the pfSense LAN interface as an IP alias. Firewall > Virtual IP.

Then add a port forwarding rule:
interface: LAN
Protocol: <set it="" to="" match="" your="" needs="">source: 192.168.0.100
Destination: 192.168.0.1
Destination port range: HTTPS
Redirect target IP: 1.2.3.4
Redirect target port: HTTPS

That should work for you.</set>

@selea:

More threads about it - easier for people with the same problem to find :)

Maybe you can change your head line: Clear browser cache resolved pre-filled fields…. eg
Clearly there is no issue with 2.4.

Use WAN port on pfSense for SSH and forward it to the webserver.

@Derelict:

Outbound NAT on the LAN interface will accomplish that.

Firewall > NAT, Outbound - Switch to Hybrid outbound NAT

Add a rule:

Interface: LAN
Source: 212.0.1.2/32
Destination: 192.168.0.10/32
NAT address: Interface address

This is working flawlessly (the log also says so). Thank you for bringing me a better understanding of PFSense.
(ofcourse the source, 212.0.1.2 is set on "any")

There is another use case for this such setup.

On my Windows Server (It could also have been CentOS, s specific NVR runs on Windows only), I have running a VPN Client (OpenVPN) towards a VPN service. Default Gateway is set to the VPN Service by OpenVPN (that is actually perfect). Having running services on the Server (NVR), it would not be accessible anymore from the Internet via PFSense without the Outbound NAT solution on the LAN interface. Because Local LAN traffic is never routed to a Default gateway, in this case the Gateway of the VPN service ;)

What kind of traffic has to go over the VPN? That is up to you :)

edit: for other readers, you still have to configure NAT by using the "Port Forward" method + adding the outbound configuration.

edit: why not, a drawing

Drawing2.jpg_thumb
Drawing2.jpg
Drawing1.jpg
Drawing1.jpg_thumb

Quick. If you are going to blame pfSense describe the passive FTP process without google, etc or wikipedia.

@krackpot:

@xelibri:

Has anyone managed to make RB6 Siege's NAT to be rather moderate instead of strict?

Ubisoft has update game's port documentation https://support.ubi.com/en-gb/Faqs/000023138/Connectivity-issues-in-Rainbow-6-Siege and even after opening all these ports (except 80 and 443) the game still says my NAT is strict. I've tried to hunt the actual prots by checking the logs but it rather uses a huge range of ports or I just couldn't find it propery.

ps. I've tested with Windows' Firewall off and id had no effect what so ever.

I have, it shows up as Moderate NAT now.

Followed the instructions at the Gaming subforum Sticky Topic: "Problems with a game? TRY THIS FIRST" @ https://forum.pfsense.org/index.php?topic=6042.0.

After changing, it went from Strict to Moderate.

Not sure if it's needed, but I also kept UDP 6015 and TCP 14000 + 14008 Port Forward rules under Firewall > NAT.

So I believe I implemented these changes correctly but I am still receiving the "Strict NAT" type in Rainbow Six Siege. The only thing that has given me open NAT so far is to Enable UPnP & NAT-PMP in services. I'm attaching a picture of the NAT rules as they are right now. Let me know if you have any ideas for solutions or need more info.

rainbowsixnat.PNG
rainbowsixnat.PNG_thumb

I'll try to explain it a bit better.

Take a GRE tunnel for example, I have one connecting my home pfSense to my pfSense VPS in Maimi, FL. With that GRE, I can route my traffic from my server (Let's say video game server, like Half-Life 2) through it, changing the IP of the server that the players join.

My question is how to NAT a game server to go through the VPN from the client to be displayed as the VPN Server's IP. I don't redirect gateway, since it's pretty much a dedicated VPN to route only server traffic through.

Yes you can install reverse proxy package on pfsense to provide that function, ie look at fqdn your trying to hit and send to specific IP behind pfsense.  The section Grimson linked too is prob the better place for such questions..

Simple port forward.. But your wan is a rfc1918 address.. So to get to your nvr from the public whatever is in front pfsense doing the nat to the 172.17 address would have to forward the port to pfsense wan IP.

Hello,
So to comprehend this,(Nat 1:1)the "external ip" would be like a ldap dn , "something reserved for broadcast' or say 8.8.8.8 (Google dns).
"Destination ip" is the private actual up address of the true provider.
The third field (network) is what a packet to the public address should be forwarded to( the packet is not of that subnet though)?
Sincerely,
JC Magras

That was it…. I created an alias called Port_Hole with the external FQDNs in it.... Then I created the following GUEST_NETWORK rule

Source: GUEST_NETWORK net
Destination: Port_Hole

and it works... My Plex connects

dig only resolves myip.opendns.com by using resolver1.opendns.com. And the associated IP is obviously 175.175.175.1.
If you want your web server 2 to use another external IP you have to set it up in the DNS and assign this IP to your WAN interface and configure 1:1 NAT. However, the 1:1 only effects outbound connections.