What are you wan rules?  Post them!  Unless you have wan rule that allows the access creating a port forward does ZERO!

Thanks so much for the help.  Port forwarding is working now.  Next step getting my colleagues to us a VPN instead.

I have absolutely no idea how or why, but this issue has just suddenly gone away by itself.  Pfsense is now able to connect to its repositories yet I have been on shift since making this first post and have not amended any settings.  It can't be that the repositories themselves were down, or anything such as that, as I was able to connect to them originally, but only if my NAT rules were set a certain way.  I now have both connectivity from pfsense and from all devices on the network, but I didn't do anything.  Very strange, has me even more puzzled now!

There is zero reason for a downstream router running rfc1918 space to nat..  You only need to at the edge where you change from rfc1918 to public.  Or if you have rfc1918 space that overlaps each other.

If you nat at your downstream router than any traffic that needs to come from the upstream network will have to be port forwarded into your downstream network..  PITA if you ask me, especially if you have more than 1 box on the downstream network running specific services, etc.

Nowhere close to enough information.

You will need to be more specific. What subnets/addresses are where, exactly what did you do to test - again, specific source/dest addresses and ports, etc.

A diagram might help. Again, please include specifics.

Hi there,

Have you found a solution to your problem ? I'm in the same scenario. I've got an OVH Server 4 Failover IP, 4 WAN interfaces on pfsense.

All my outbound traffic goes out through the first WAN1 Interface. I've tried outbound natting but my traffic won't go out from interface WAN2 or others.

If you've found a solution that would be great !

Cheers,

Ram

No such luck I am afraid.  The "new" switch is a SG200-26.  Would love to understand what went wrong in that switch though.  Almost like a messed up ARP table?

So what nics does this HOST have, and how are you doing the opt interfaces in pfsense - are they vlans in pfsense sitting on the 1 vmnic? Which is bridge to what physical nic?  So you have multiple physical networks that match up to these 3 networks..  Or is this all going to be virtual networks on the host?

Your going to have to give some more info dude!!!

Virtualbox you can setup bridge to your physical nic, or they can be natted etc..  They can be host only, etc.. So what networks do you have setup in VB?  How does your physical network attach to your VM Host?

Hi,

Last night i setup pfsense at my home with my old unused Computer with PCI Lan adaptor.

issue:

I have Tikona DHCP Web Based Login type ISP.

i can use flawlessly on Basic Home/Small Router Like TPLINK/ DLINK/ TENDA etc,

but after i go thru pfsense i can't able to access internet  because Web Based Login page unable to access.

pfSense :- 192.168.1.1/24
Tikona Log in Link :-1.254.254.254
pfSense DHCP LAN :- 192.168.100.1

Need Help!  :-\

You want to forward ALL udp traffic on any port to this 1 box?  Why would you think you need to do this for sip to work?

"packet loss is down to acceptable levels. "

What do you consider acceptable?  Just curious - so zero? ;)

It's both TCP and UDP.
After reading that link, i restarted the server which fixed the problem, it's now responsive on port 49998. And i changed the TIME_WAIT delay in regedit to 100 secs over the default 240 secs. Hopefully that will permanently fix it. But at least i've found out that this is probably a 2012 server problem, so i got that going for me.

It depends on what you are using for the pool and the options picked in the GUI.

If you used a host alias with a few IP addresses inside, then all it can do is round-robin NAT that. So one time it gets address x.x.x.a, then x.x.x.b, then x.x.x.c and so on for each new state created from that NAT rule.

If you used an entire subnet definition and you choose "random" then it would do what it says and pull an address randomly from the subnet.

There is nothing special about forwarding that port compared to any others.

What part is "not working"?

How are you testing it? Where are you testing it from (client on WAN or on LAN)?

Run through all the suggestions and tests at https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

Round robin in that case.

Tell him that is fine. It will appear random. Stop overthinking and micro-managing.