Netgate Discussion Forum

    Outbound NAT (& UPnP) problems

      reilos

      Hi all,

      I'm breaking my head over the following. For two devices, each on a different subnet, one cable connected, the other one via an access point (both connected to the same managed switch), I have configured static outbound NAT, as well as UPnP. This used to work, until a few weeks ago (don't know exactly how long ago, since the ones using the devices didn't complain until after weeks).

      I never anymore see any UPnP rules in Status –> UPnP & NAT-PMP.
      One of the devices is a Nintendo Switch, which I will use as an example. The connection test on the Nintendo Switch keeps saying the NAT-type is D, while after setting static outbound NAT, it should be B.

      See screenshots for relevant settings. Would really appreciate some help :)

        jimp Rebel Alliance Developer Netgate

        Are you 100% sure that your switch pulled that IP address? The rules look correct, but if it isn't showing the correct NAT type then something about them must not be matching properly.

          reilos

          Hi jimp,

          I'm sure it pulled the correct IP address. I checked it on the Switch itself (network settings as well as diagnostics). Also the IP shows 'online' (DHCP status) and I see a few active states when connected.
          EDIT: And I see the correct entry in the ARP table.

            reilos

            Does anyone have another idea what the problem might be?

            I read in an old thread here that adding multicast rules to the LAN might help, but I already have an allow all from LAN net to all, so that doesn't seem to make sense in this case.

              reilos

              OK, I somehow got it working. I'm not 100% sure what the problem was eventually. The changes:

              Only disabled UPnP/NAT-PMP on OPT1; so now it's only enabled on LAN, with only the Nintendo Switch and the same port range allowed.
              Removed the static outbound rule for the client on OPT1; so now there is only the static outbound rule for the Nintendo Switch left.
              Created a port forward NAT rule to redirect all DNS requests to the pfSense resolver on the LAN (and the same for OpenDNS on OPT1).
              Redid the VLANs on my managed switch.

              I'm 99.9% sure that I have the exact same VLAN config as before, but yeah, it also seems very unlikely that the problem was related to one of the other three settings, unless anyone has some other insights…
