Netgate Discussion Forum

    Can't get NAT working

    • z3r0x

      Hi

      I am having a difficult time getting my NAT working. I think there is a general Firewall Rules problem. Not sure if I got that right.

      I have the following situation:

      WAN: xxx.xxx.xxx.xxx
      PROD: 192.168.10.0/24
      TEST: 192.168.1.0/24

      • I would like to do a NAT from WAN port 80 to a Server in TEST port 22 (ssh)
      • I would like to allow any traffic from PROD to TEST and vice versa
      • All ports going in should be blocked (except for the NAT)
      • All ports going out should be open

      I have added all the screenshots…

      The communication between PROD and TEST works although sometimes quite slow...

      ![Screen Shot 2012-04-20 at 8.29.31 AM.png](/public/imported_attachments/1/Screen Shot 2012-04-20 at 8.29.31 AM.png)
      ![Screen Shot 2012-04-20 at 8.29.48 AM.png](/public/imported_attachments/1/Screen Shot 2012-04-20 at 8.29.48 AM.png)
      ![Screen Shot 2012-04-20 at 8.32.58 AM.png](/public/imported_attachments/1/Screen Shot 2012-04-20 at 8.32.58 AM.png)
      ![Screen Shot 2012-04-20 at 8.33.12 AM.png](/public/imported_attachments/1/Screen Shot 2012-04-20 at 8.33.12 AM.png)
      ![Screen Shot 2012-04-20 at 8.57.13 AM.png](/public/imported_attachments/1/Screen Shot 2012-04-20 at 8.57.13 AM.png)

      • cmb

        Remove the static routes; as it says, you never add static routes for locally attached networks. Note that this will remove the link route too, so you'll have to reboot after doing so; it'll drop off the network.

        Your firewall rules on internal interfaces are largely redundant. For instance, on PROD, the first rule matches everything, so the two subsequent rules do nothing. The second rule on TEST matches everything, so the rest are redundant.

        Port forward config is fine. Troubleshooting steps for that here:
        http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
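
Added example, not part of either post: a small checker for the redundancy described in the reply above, relying on pfSense evaluating each interface's rules top-down with the first match winning. The rule lists are constructed for illustration (the poster's real rules are only in the screenshots), and the `Rule` fields are hypothetical names; IPv4 and single ports only.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:          # hypothetical, simplified view of one interface rule
    action: str      # "pass" or "block"
    proto: str       # "any", "tcp", "udp", ...
    src: str         # CIDR or "any"
    dst: str         # CIDR or "any"
    dport: str = "any"   # "any" or a single port number

def _net(value):
    return ANY if value == "any" else ipaddress.ip_network(value)

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return (
        earlier.proto in ("any", later.proto)
        and _net(later.src).subnet_of(_net(earlier.src))
        and _net(later.dst).subnet_of(_net(earlier.dst))
        and earlier.dport in ("any", later.dport)
    )

def shadowed(rules):
    """(later_index, earlier_index) for each rule that can never be reached."""
    hits = []
    for i, later in enumerate(rules):
        for j in range(i):
            if covers(rules[j], later):
                hits.append((i, j))
                break
    return hits

# Constructed rule sets mirroring the shape described in the reply.
PROD_RULES = [
    Rule("pass", "any", "any", "any"),                         # matches everything
    Rule("pass", "any", "192.168.10.0/24", "192.168.1.0/24"),  # never reached
    Rule("pass", "tcp", "192.168.10.0/24", "192.168.1.0/24", "22"),
]
TEST_RULES = [
    Rule("pass", "tcp", "192.168.1.0/24", "192.168.10.0/24", "443"),
    Rule("pass", "any", "any", "any"),                         # matches everything
    Rule("pass", "any", "192.168.1.0/24", "192.168.10.0/24"),
    Rule("block", "tcp", "192.168.1.0/24", "any", "25"),       # block never applies
]

if __name__ == "__main__":
    for name, rules in (("PROD", PROD_RULES), ("TEST", TEST_RULES)):
        for later, earlier in shadowed(rules):
            print(f"{name}: rule {later + 1} is shadowed by rule {earlier + 1}")
```

The case worth checking for in a real rule set is the last TEST entry: a block rule placed below a pass-everything rule is never evaluated, so the traffic it was meant to stop is allowed.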
