1:1 NAT: traffic passes from WAN to LAN, but not LAN to WAN
-
I'm trying to get ICMP (ping), SSH, and HTTP traffic to flow from one of my static internet ips through the pfSense router, to the 1:1 NATed host, and back again.
Here's a tcpdump snippet of one ping request as captured on the (only) ip interface of the server I want to access:17:22:00.280715 IP 208.54.4.131 > 192.168.1.66: ICMP echo request, id 50528, seq 5, length 64
17:22:00.280728 IP 192.168.1.66 > 208.54.4.131: ICMP echo reply, id 50528, seq 5, length 64As you can see above, the server (X.66) gets the request and answers it. The problem I'm having is that the ICMP echo reply isn't getting sent back through the pfSense router to the originator. Here's a packet capture on the WAN interface of the pfSense box showing the incoming ping requests without corresponding replies:
17:27:07.856754 IP 208.54.4.131 > 74.202.205.152: ICMP echo request, id 64158, seq 2, length 64
17:27:08.748270 IP 208.54.4.131 > 74.202.205.152: ICMP echo request, id 64158, seq 3, length 64
17:27:09.748222 IP 208.54.4.131 > 74.202.205.152: ICMP echo request, id 64158, seq 4, length 64Any help on getting this working is appreciated. ;D Yes, I've looked at the troubleshooting guide and have been looking for the answer for quite a while (a few days). I'd be happy to provide my entire config.xml if that would help diagnose the problem.
Thank you.
-
Ensure that the server is configured to use pfSense for default gateway.
-
Yeah. What does a capture of the same traffic on pfSense LAN (or whatever inside interface the server is on) show?
Check all of the things listed here as they generally apply to 1:1 as well as port forwards:
https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
