
    Setting Custom NAT Protocols in newer PF versions

    • B
      bfelts
      last edited by bfelts

      I recently installed a new PF instance and upgraded it to 2.7.2-RELEASE (amd64).

      I've made use of custom protocol definitions that aren't already included in the NAT firewall edit menus, in past versions.

      e.g. what they are discussing in here -> https://forum.netgate.com/topic/133152/nat-forward-rules-for-other-protocols-ipip?_=1705889208937 and http://www.qsl.net/kb9mwr/wapr/tcpip/pfsense.html

      I used to be able to edit a protocols array in the PHP. But looks like some code changes have assigned protocols into a variable stored elsewhere?

      I've looked through .inc files and can't find the array or how the protocols are populated now.

      Does anyone know where the NAT protocol services (dropdown choices) are derived from in the newer software?

      I just want to add IPIP/ipencap choices back so I can create a NAT rule based on them. Thanks!

      Byron

      • B
        bfelts @bfelts
        last edited by

        Never mind, I guess. Looks like no one knows.

        In the meantime I figured out a different way as a workaround: hand-editing the Backup NAT and Firewall rules and using Restore.

        Just export, copy your last rule from each, paste into a new one. Change the name, blank the associated GUID ID to nothing, change protocol to ipencap, blank the port in port reference. Save. Import NAT file. Import Firewall file. No reboot needed.

        Do a tcpdump -vvv -i tunl0 on your NAT'ted AMPR gateway you're trying to expose. If you did this right and AMPR portal is already sending traffic to your public IP, your NAT should kick in and ipencap should start flowing and registering on your terminal from tcpdump immediately.

        Good luck if you're on newer pfSense (2.7.2), looking into running an AMPR gateway, and Google brought you to this post.

        Cheers
        Byron

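The hand edit described in the second post can be scripted so that only the intended fields change. This is an added example, not code from the thread or from pfSense; the element names (rule, descr, protocol, associated-rule-id, port, local-port) and the sample export are assumptions, so check them against your own backup file before restoring.

```python
import copy
import xml.etree.ElementTree as ET

# Constructed sample of an exported NAT section (assumed layout, not a real backup).
SAMPLE_NAT = """<nat>
  <rule>
    <interface>wan</interface>
    <protocol>tcp</protocol>
    <source><any/></source>
    <destination><network>wanip</network><port>443</port></destination>
    <target>192.0.2.10</target>
    <local-port>443</local-port>
    <descr>HTTPS to web host</descr>
    <associated-rule-id>nat_constructed_id</associated-rule-id>
  </rule>
</nat>"""

PORT_TAGS = ("port", "local-port")  # assumed names of the port references


def clone_last_rule(xml_text, descr, protocol="ipencap"):
    """Append an edited copy of the last rule; return (new_xml, changes)."""
    root = ET.fromstring(xml_text)
    rules = root.findall("rule")
    if not rules:
        raise ValueError("export contains no <rule> elements")
    last = rules[-1]
    new = copy.deepcopy(last)
    # Change the name and the protocol.
    for tag, text in (("descr", descr), ("protocol", protocol)):
        el = new.find(tag)
        if el is None:
            el = ET.SubElement(new, tag)
        el.text = text
    # Blank the associated rule ID, if the rule carries one.
    assoc = new.find("associated-rule-id")
    if assoc is not None:
        assoc.text = ""
    # Blank every port reference, wherever it is nested.
    for el in new.iter():
        if el.tag in PORT_TAGS:
            el.text = ""
    # Record each field that differs from the source rule, for review before Restore.
    changes = {}
    for old_el, new_el in zip(last.iter(), new.iter()):
        before, after = (old_el.text or "").strip(), (new_el.text or "").strip()
        if before != after:
            changes[old_el.tag] = (before, after)
    root.insert(list(root).index(last) + 1, new)
    return ET.tostring(root, encoding="unicode"), changes
```

Run it once per exported file and read the returned changes before importing; anything listed beyond the name, protocol, associated ID and ports means the export does not match the assumed layout.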
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.