Problem with NAT
-
Hi,
I have this scenario:
My pfSense has two networks:
Lan -192.168.0.19
Wan - 192.168.1.67 (DHCP) - I get this IP from my router
My router uses the IPoE protocol and is the default gateway.
So I have a service that I want to access from outside my networks, so I made my NAT rules:
NAT
Interface:wan
protocol:tcp
source address: any
source ports:any
dest. address:wan address
dest. ports:491
NAT IP:192.168.1.223
NAT ports:491
Nat reflection:use systems default
filter rule association:create new associated filter rule
On my system->advanced->firewall & NAT
Nat reflection mode :disabled
Enable nat reflection:no check
enable automatic outbound no check
When I try to access my network from outside, my NAT rule is not working. I used portchecktool.com and got this message: "could not see service on port 491". Can you help me, please?
-
"NAT IP:192.168.1.223"
How would that work? If your lan is 192.168.0
Your wan is also rfc1918, so whatever is doing nat in front of pfsense would have to allow the traffic into pfsense WAN IP before pfsense could forward it on to something on its lan.
-
Sorry, I made a mistake, I mean NAT IP:192.168.0.223, and I don't have "block private networks and loopback addresses" checked on the WAN interface. I don't understand what you mean by "I have rfc1918". My NAT rule still doesn't work.
-
Your pfSense WAN is a private IP, i.e. it's not public. So there is something in front of it doing NAT.
Your other router or ISP device is changing your public IP to this private (rfc1918) address
"Wan - 192.168.1.67 (DHCP) - i get this ip from my router "
So you need to make sure you forward whatever it is you want to forward on that device to pfsense wan IP.
Since you will be sending traffic to rfc1918 (your pfsense wan) you will need to make sure you uncheck the block rfc1918 on wan.
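
The checks discussed in this thread, written as an added example (not code from any poster or from pfSense): it tests whether a port-forward target is on the LAN subnet and whether the WAN address is RFC1918, which means an upstream device must also forward the port. The /24 LAN prefix and the function and finding names are assumptions made for the illustration.

```python
import ipaddress

# The three private ranges defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

MESSAGES = {
    "target-outside-lan": "NAT IP is not inside the LAN subnet",
    "upstream-forward-needed": "WAN is RFC1918: the device in front must "
                               "forward the port to the pfSense WAN IP",
    "wan-blocks-private": "WAN is RFC1918 and 'block private networks' is "
                          "checked (the reply above says to uncheck it)",
}


def is_rfc1918(addr):
    """True if addr falls in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def check_port_forward(wan_ip, lan_if, nat_ip, block_private_on_wan):
    """Return finding codes for a WAN port forward.

    lan_if is the LAN interface address with prefix, e.g. "192.168.0.19/24".
    """
    findings = []
    lan_net = ipaddress.ip_interface(lan_if).network
    if ipaddress.ip_address(nat_ip) not in lan_net:
        findings.append("target-outside-lan")
    if is_rfc1918(wan_ip):
        findings.append("upstream-forward-needed")
        if block_private_on_wan:
            findings.append("wan-blocks-private")
    return findings


if __name__ == "__main__":
    # Values from the first post; the /24 prefix is an assumption.
    for nat_ip in ("192.168.1.223", "192.168.0.223"):
        print(nat_ip)
        for code in check_port_forward("192.168.1.67", "192.168.0.19/24",
                                       nat_ip, False):
            print("  -", MESSAGES[code])
```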