Netgate Discussion Forum

    Nat Problem

      Comtezero

      Hello,

      I have been using pfSense for many months, but for the last 3-4 days I have been trying to provide services (TeamSpeak, UT2k4) for friends.
      I configured the firewall with NAT and firewall rules, but I can't join anything from the web.

      When I try locally, it is OK.

      Example of NAT :
      WAN   UDP   7788   192.168.1.11 (ext.: any) 7788   UT2004Server

      Example of Rules :
      UDP   *   7788   192.168.1.11   7788 *       UT2004Server

      I have already reset the states and rebooted the firewall.

      My package suite :

      Lightsquid  
      OpenVPN-Enhancements
      Pubkey
      imspector
      squid Network
      squidGuard

      In the advanced settings I have this option, which is OK: Disable NAT Reflection

      I don't see where the problem is.
      (Sorry for my English.)

      PS: I access my web interface over the internet to configure my firewall (HTTPS).
      I don't use a DMZ for the moment.

        GruensFroeschli

        Don't set the external address to any, but to "interface IP".
        Do you have anything blocked in the firewall settings?

        What error do your friends get when they are trying to join?

        Did you try to set the "static IP" option? (search the wiki for this)

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          Comtezero

          I have rules to block traffic, but I place these rules before the block rules.

          Don't set the external address to any, but to "interface IP".

          Hmm, the interface address of my LAN on the firewall?
          I don't have a lot of choice for that, it is any or external.

          They get no error; for example, when I try to join the UT server, it responds with N/A.

            Comtezero

            I tried with the web admin of this game, but NAT doesn't work.

            I authorised traffic on port 8080 on the firewall.
            I activated Manual AON and added this rule:
            LAN    any  8080  *  8080  *  *  YES
            and tried with this:
            WAN    any  8080  *  8080  *  *  YES

            In port forwarding I have this:
              LAN  TCP/UDP  8080  192.168.1.11(ext.: 192.168.1.1) 8080

            The admin interface doesn't work from the internet.

              GruensFroeschli

              Set to external, not any.

              You have a source port defined in your firewall rule for the NAT forwarding.
              Set the source port to any.

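Why a pinned source port stops the forward from working, as an added example that is not part of the original thread: clients send from ephemeral source ports, so a pass rule that requires source port 7788 almost never matches and the traffic falls through to the default deny. The rule fields follow the UT2004Server rule posted earlier in the thread; the client packets and the simplified first-match evaluator are constructed assumptions, not pfSense code.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    dst_ip: str      # destination after the port forward has rewritten it
    dst_port: int

@dataclass(frozen=True)
class Rule:
    proto: str
    src_port: Optional[int]   # None = "any" (* in the rule listing)
    dst_ip: str
    dst_port: int
    label: str

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto
                and self.src_port in (None, p.src_port)
                and p.dst_ip == self.dst_ip
                and p.dst_port == self.dst_port)

def evaluate(rules, pkt):
    """Return the first pass rule that matches, else the implicit deny."""
    for rule in rules:
        if rule.matches(pkt):
            return "pass: " + rule.label
    return "block: default deny"

# Rule as posted: source port pinned to 7788.
POSTED = [Rule("udp", 7788, "192.168.1.11", 7788, "UT2004Server")]
# Rule after the suggested change: source port any.
FIXED = [Rule("udp", None, "192.168.1.11", 7788, "UT2004Server")]

# Constructed sample traffic: game clients send from ephemeral source ports.
CLIENTS = [Packet("udp", 51514, "192.168.1.11", 7788),
           Packet("udp", 49731, "192.168.1.11", 7788),
           Packet("udp", 7788, "192.168.1.11", 7788)]   # rare coincidence

def verdicts(rules):
    """Evaluate every constructed client packet against one rule set."""
    return [evaluate(rules, p) for p in CLIENTS]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("fixed", FIXED)):
        print(name, verdicts(rules))
```
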
                Comtezero

                Firewall rules :
                TCP/UDP  *  *  *  8080  *

                Port forward :
                WAN  TCP/UDP  8080  192.168.1.11(ext.: any) 8080

                AON :
                WAN    192.168.1.0/24  *  *  *  *  *  YES
                WAN    any  8080  *  8080  *  *  YES

                I changed many parameters to try, nothing.

                  GruensFroeschli

                  Can you do a tcp dump when someone connects?

                    Comtezero

                    I don't know if it is a bug, but since I modified NAT I have had problems.
                    By internet, except from my home, I can't access the web administration of pfSense.
                    On my LAN I can access the game web admin, but not from the internet.

                    Yesterday I used the "reset to factory…" option and still have the same problems.
                    I added the same rules (NAT + firewall) and now I can access the game web admin from my work but not when I am at home (except via LAN).

                    I deactivated "Block bogon networks" and now I can access my pfSense webadmin from anywhere.

                      Comtezero

                      I added a "DMZ" to my configuration.

                      Webadmin is on subnet 192.168.10.0
                      LAN is on subnet 192.168.1.0

                      I added rules and NAT.
                      If I want to access the webadmin, it is only possible if I use 192.168.10.2, not if I use my DNS name (dyndns is OK), but if I try from work or other LANs, I can access the webadmin (blank page).

                      I used Wireshark:
                      It tries to connect on the right port (8080).

                      To test, I installed a simple Apache2.
                      I deleted all block rules and added NAT rules; nothing can access my DMZ from the internet.
                      I tried a lot of possible configurations, nothing changes.

                      I think it is a bug, NAT is OK for SSH but KO for others :/

                      Does anyone have an idea?

                        Comtezero

                        Upgraded to 1.2.3 RC3…. now it is OK...

                        Finally: not all OK...
