NAT reflection still broken???
-
It works…
First you need to uncheck the box at Advanced->Firewall/NAT->"Disables the automatic creation of additional NAT redirect rules for access to port forwards on your external IP addresses from within your internal networks."
Then just set up a port forward and test on your external IP. Note: You can't test that from the ip address the NAT is redirected to though! You need another client of course...
-
I have done it all…..even enabled it manually on each port forward.
No luck....it redirects me to the pf login page with NAT reflection enabled. It looses the packages if not. It has been rebooted.
Done a clean install asf. No luck....
-
Perhaps it is related to the VM somehow. It is working fine here, just tested it. With latest snap on embedded….
-
The VM is running on E1000 nic's …so hardware issues should be of a minimum. And the install shows no errors. The only thing adapting during install is the installer itself when noticing VMware....
-
Well there must be something there. It is working and others have reported so as well. Did you really try from a different client? Try a web port forward and then try from that other client with http://EXTERNAL_IP and see if that works. That's what I've done.
-
Everything is tested on several different clients…. :S
Thats why it is so frustrating. The only option left, is to change to bare metal and test it on a physical machine......
-
That's what I told u b4 ;)
-
Just tested NAT reflection on the following two builds:
2.0-BETA4 (amd64)
built on Tue Dec 21 16:10:15 EST 2010and
2.0-BETA4 (i386)
built on Tue Dec 21 12:44:54 EST 2010Didn't have any trouble with either the i386/amd64 builds and both were running in VMs.
-
Which version of Vmware?
And can you post your VM config in here?
:)
Just tested NAT reflection on the following two builds:
2.0-BETA4 (amd64)
built on Tue Dec 21 16:10:15 EST 2010and
2.0-BETA4 (i386)
built on Tue Dec 21 12:44:54 EST 2010Didn't have any trouble with either the i386/amd64 builds and both were running in VMs.
-
Actually, they were both running in Hyper-V. I've got VMware Workstation (v7.1.3) which I can test on as well. Don't have VMs setup for pfSense in VMware, but I'm installing them now and will let you know what I find…
-
Thx mate!! Very kind of you :)
Merry christmas!
-
I only tested the i386 build in VMware, but NAT reflection worked there too. Below is the VMware config (which is very basic):
.encoding = "windows-1252" config.version = "8" virtualHW.version = "7" maxvcpus = "4" scsi0.present = "TRUE" scsi0.virtualDev = "lsilogic" memsize = "1024" ide0:0.present = "TRUE" ide0:0.fileName = "pfSense-000003.vmdk" ide1:0.present = "TRUE" ide1:0.fileName = "E:\Downloads\pfSense-i386.iso" ide1:0.deviceType = "cdrom-image" ethernet0.present = "TRUE" ethernet0.virtualDev = "e1000" ethernet0.wakeOnPcktRcv = "FALSE" ethernet0.addressType = "generated" usb.present = "TRUE" ehci.present = "TRUE" svga.autodetect = "FALSE" mks.enable3d = "TRUE" pciBridge0.present = "TRUE" pciBridge4.present = "TRUE" pciBridge4.virtualDev = "pcieRootPort" pciBridge4.functions = "8" pciBridge5.present = "TRUE" pciBridge5.virtualDev = "pcieRootPort" pciBridge5.functions = "8" pciBridge6.present = "TRUE" pciBridge6.virtualDev = "pcieRootPort" pciBridge6.functions = "8" pciBridge7.present = "TRUE" pciBridge7.virtualDev = "pcieRootPort" pciBridge7.functions = "8" vmci0.present = "TRUE" roamingVM.exitBehavior = "go" displayName = "pfSense" guestOS = "freebsd" nvram = "pfSense.nvram" virtualHW.productCompatibility = "hosted" extendedConfigFile = "pfSense.vmxf" ethernet1.present = "TRUE" ethernet1.virtualDev = "e1000" ethernet1.wakeOnPcktRcv = "FALSE" ethernet1.addressType = "generated" ethernet2.present = "TRUE" ethernet2.virtualDev = "e1000" ethernet2.wakeOnPcktRcv = "FALSE" ethernet2.addressType = "generated" ethernet0.generatedAddress = "00:0c:29:08:f9:17" ethernet1.generatedAddress = "00:0c:29:08:f9:21" ethernet2.generatedAddress = "00:0c:29:08:f9:2b" uuid.location = "56 4d a5 1b bd 36 0e ac-db 0f e5 e6 db 08 f9 17" uuid.bios = "56 4d a5 1b bd 36 0e ac-db 0f e5 e6 db 08 f9 17" cleanShutdown = "TRUE" replay.supported = "FALSE" replay.filename = "" ide0:0.redo = "" pciBridge0.pciSlotNumber = "17" pciBridge4.pciSlotNumber = "21" pciBridge5.pciSlotNumber = "22" pciBridge6.pciSlotNumber = "23" pciBridge7.pciSlotNumber = "24" scsi0.pciSlotNumber = "16" usb.pciSlotNumber = "32" ethernet0.pciSlotNumber = "33" ethernet1.pciSlotNumber = "34" ethernet2.pciSlotNumber = "35" ehci.pciSlotNumber = "37" vmci0.pciSlotNumber = "38" vmotion.checkpointFBSize = "134217728" ethernet0.generatedAddressOffset = "0" ethernet1.generatedAddressOffset = "10" ethernet2.generatedAddressOffset = "20" vmci0.id = "-620168937" ide1:0.autodetect = "TRUE" tools.remindInstall = "TRUE" sound.present = "FALSE" floppy0.present = "FALSE" -
Thx again :)
-
Still not working….updating to latest snapshot 12/23 03:37
:'(
-
No luck….it redirects me to the pf login page with NAT reflection enabled. It looses the packages if not.
Have you tried with a factory-default config of pfSense (without any packages)?
What about the target system (that you're redirecting to) - it isn't running a software firewall that might be blocking the traffic?
-
Nope…its an ISA. FW it is, but the same config on 1.2.3 runs no issues.
Funambol sync on the mobiles cannot connect on 2.0 but stops at logging on the mailserver. Running 1.2.3 no issues. Its like the packets never get there.....or they are empty. I havent got a bloody clue of whats wrong....i cant see anything in the logs...nothing is blocked.
-
Still broken for me in a totaly clean install. I havent got a bloody clue….............
-
Does anything show up in a packet capture on your LAN interface for the reflected ports? If not, is it possible that something else is blocking the traffic (like a layer 3 switch)?
-
They are both sitting on the same Vswitch and its not L3 capable.
-
Nope…..nothing at all.... This is SO weird.....
Does anything show up in a packet capture on your LAN interface for the reflected ports? If not, is it possible that something else is blocking the traffic (like a layer 3 switch)?