Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NAT not forwarding reply packets

    NAT
    2
    4
    92
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      Gammon
      last edited by

      Hi,
      I am running pfSense CE 2.7.2

      I have been running pfSense with multiple Wireguard privacy VPNs as gateways (configured in a gateway group) for whole network privacy. A little over a week ago, I stopped being able to connect out of my LAN (via VPN).

      I tried rolling back to a backup of my current config (backup was take a few months ago), but the problem persisted.

      I tried creating an OpenVPN gateway, but did not have success (but this could easily be an issue with my config, not a reflection of the original problem).

      In the states table, I see states being created when I try and access the internet from my LAN (eg. ping 1.1.1.1 creates a icmp states and access http 1.1.1.1 creates a tcp state). However, my computer is not getting ping responses or http responses.

      I think the problem may be an issue with NAT not forwarding responses correctly. I will admit to not being too smart with regards to networks. Could someone give me some help diagnosing the issue, please?

      Thanks in advance.

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @Gammon
        last edited by

        @Gammon said in NAT not forwarding reply packets:

        In the states table, I see states being created when I try and access the internet from my LAN

        For LAN traffic, going to anything on WAN or the entire Internet, no NAT rules are needed.
        The default initial installation will work out of the box.

        @Gammon said in NAT not forwarding reply packets:

        A little over a week ago, I stopped being able to connect out of my LAN (via VPN).

        Not being an pfSense client Open VPN expert myself, I though you need a policy firewall rule, not a NAT rule ....

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        G 1 Reply Last reply Reply Quote 0
        • G
          Gammon @Gertjan
          last edited by Gammon

          Thanks @Gertjan,

          I forgot to mention, my routing to gateways is done via firewall rules.

          My understand of the firewall is that initial requests through pfSense are 'tested' by the firewall rules (in this case my outgoing traffic). However responses, which are found in the NAT state table, are given a free pass back to the connection's originator. Is it not strange that connections are showing up in the state table (ie. Firewall rules have been passed), yet I'm not getting replies to my device?

          It also seems to me that this must be a system bug as the problem occurred while I had not been touching the firewall.

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @Gammon
            last edited by

            @Gammon

            I used this guide ones to route out traffic over to a VPN, from pfSense to a VPN ISP.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.