1:1 NAT: traffic passes from WAN to LAN, but not LAN to WAN

  • I'm trying to get ICMP (ping), SSH, and HTTP traffic to flow from one of my static internet ips through the pfSense router, to the 1:1 NATed host, and back again.
    Here's a tcpdump snippet of one ping request as captured on the (only) ip interface of the server I want to access:

    17:22:00.280715 IP > ICMP echo request, id 50528, seq 5, length 64
    17:22:00.280728 IP > ICMP echo reply, id 50528, seq 5, length 64

    As you can see above, the server (X.66) gets the request and answers it. The problem I'm having is that the ICMP echo reply isn't getting sent back through the pfSense router to the originator. Here's a packet capture on the WAN interface of the pfSense box showing the incoming ping requests without corresponding replies:

    17:27:07.856754 IP > ICMP echo request, id 64158, seq 2, length 64
    17:27:08.748270 IP > ICMP echo request, id 64158, seq 3, length 64
    17:27:09.748222 IP > ICMP echo request, id 64158, seq 4, length 64

    Any help on getting this working is appreciated. ;D Yes, I've looked at the troubleshooting guide and have been looking for the answer for quite a while (a few days). I'd be happy to provide my entire config.xml if that would help diagnose the problem.

    Thank you.

  • Ensure that the server is configured to use  pfSense for default gateway.

  • LAYER 8 Netgate

    Yeah. What does a capture of the same traffic on pfSense LAN (or whatever inside interface the server is on) show?

    Check all of the things listed here as they generally apply to 1:1 as well as port forwards:


Log in to reply