Netgate Discussion Forum

    1:1 NAT: traffic passes from WAN to LAN, but not LAN to WAN

    • gregben

      I'm trying to get ICMP (ping), SSH, and HTTP traffic to flow from one of my static internet IPs through the pfSense router, to the 1:1 NATed host, and back again.
      Here's a tcpdump snippet of one ping request as captured on the (only) ip interface of the server I want to access:

      17:22:00.280715 IP 208.54.4.131 > 192.168.1.66: ICMP echo request, id 50528, seq 5, length 64
      17:22:00.280728 IP 192.168.1.66 > 208.54.4.131: ICMP echo reply, id 50528, seq 5, length 64

      As you can see above, the server (X.66) gets the request and answers it. The problem I'm having is that the ICMP echo reply isn't getting sent back through the pfSense router to the originator. Here's a packet capture on the WAN interface of the pfSense box showing the incoming ping requests without corresponding replies:

      17:27:07.856754 IP 208.54.4.131 > 74.202.205.152: ICMP echo request, id 64158, seq 2, length 64
      17:27:08.748270 IP 208.54.4.131 > 74.202.205.152: ICMP echo request, id 64158, seq 3, length 64
      17:27:09.748222 IP 208.54.4.131 > 74.202.205.152: ICMP echo request, id 64158, seq 4, length 64

      Any help on getting this working is appreciated. ;D Yes, I've looked at the troubleshooting guide and have been looking for the answer for quite a while (a few days). I'd be happy to provide my entire config.xml if that would help diagnose the problem.

      Thank you.

      • viragomann

        Ensure that the server is configured to use pfSense for default gateway.

        • Derelict LAYER 8 Netgate

          Yeah. What does a capture of the same traffic on pfSense LAN (or whatever inside interface the server is on) show?

          Check all of the things listed here as they generally apply to 1:1 as well as port forwards:

          https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)
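
The capture comparison discussed in this thread can be done mechanically. The sketch below is an added example, not code from any poster or from pfSense: it pairs ICMP echo requests with replies by id and seq in each capture and reports the first point along the reply's path where replies are missing. The function names and the LAN capture are constructed for illustration; the server and WAN captures are the ones quoted in the first post.

```python
import re

# Matches tcpdump ICMP echo lines in the form shown in the thread.
ICMP = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def echo_stats(capture):
    """Return (request_count, unanswered_requests) for one capture's text."""
    requests, replied = [], set()
    for m in ICMP.finditer(capture):
        key = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request":
            requests.append((m["src"], m["dst"]) + key)
        else:
            # A reply travels dst -> src, so record it in request orientation.
            replied.add((m["dst"], m["src"]) + key)
    return len(requests), [r for r in requests if r not in replied]

def first_gap(points):
    """points: (name, capture) pairs ordered along the reply's path, server
    first. Returns (name, reason) for the first incomplete point, or None."""
    for name, capture in points:
        count, missing = echo_stats(capture)
        if count == 0:
            return name, "no echo requests seen"
        if missing:
            return name, f"{len(missing)} of {count} requests unanswered"
    return None

# Captures quoted from the first post.
SERVER = """\
17:22:00.280715 IP 208.54.4.131 > 192.168.1.66: ICMP echo request, id 50528, seq 5, length 64
17:22:00.280728 IP 192.168.1.66 > 208.54.4.131: ICMP echo reply, id 50528, seq 5, length 64
"""
WAN = """\
17:27:07.856754 IP 208.54.4.131 > 74.202.205.152: ICMP echo request, id 64158, seq 2, length 64
17:27:08.748270 IP 208.54.4.131 > 74.202.205.152: ICMP echo request, id 64158, seq 3, length 64
17:27:09.748222 IP 208.54.4.131 > 74.202.205.152: ICMP echo request, id 64158, seq 4, length 64
"""
# Constructed pfSense LAN capture (not from the thread): requests only.
LAN = """\
17:27:07.856901 IP 208.54.4.131 > 192.168.1.66: ICMP echo request, id 64158, seq 2, length 64
17:27:08.748411 IP 208.54.4.131 > 192.168.1.66: ICMP echo request, id 64158, seq 3, length 64
"""
if __name__ == "__main__":
    print(first_gap([("server", SERVER), ("pfSense LAN", LAN), ("pfSense WAN", WAN)]))
```

With only the two captures from the first post, the gap shows up at the WAN, which leaves the LAN-side capture as the missing data point; in the constructed LAN case the replies never reach pfSense at all.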
