Single port NAT works, but creating a group of ports fails



  • OK - Maybe I'm being an idiot here, but I'm starting to doubt my sanity here.

    Running on the latest version of pfSense.

    I got 5 VIPs set up.

    I NAT one of the VIPs as a test to my HTTP temp monitor and it works fine.

    I try another NAT using the next VIP in the list (/29) along with about 5 ports listed in a group - including HTTP. Times out externally. Internally I can pull up the website fine.

    I did a test using the first NAT I created for the temp monitor and switched the internal IP to the 2nd system I was trying, and it works!

    I did the NAT troubleshooting guide and that all seems to be in order.

    Any suggestions? Seems anything where I use a group of ports doesn't want to work.

    Thanks in advance.

    -IG


  • Netgate

    Post what you have actually done.

    Firewall > Virtual IPs
    Firewall > NAT, Port Forward
    Firewall > Rules, WAN



  • Here is the rest of the info

    ![Aliases IP.PNG](/public/imported_attachments/1/Aliases IP.PNG)
    ![aliases ports.PNG](/public/imported_attachments/1/aliases ports.PNG)
    ![nat rules.PNG](/public/imported_attachments/1/nat rules.PNG)
    ![WAN rules.PNG](/public/imported_attachments/1/WAN rules.PNG)


  • Netgate

    Looks OK, though I've never personally done all those different ports in one alias before. I don't know that it doesn't work as long as the destination and mapped ports are 1 for 1.