Outbound NAT (& UPnP) problems
-
Hi all,
I'm breaking my head over the following. For two devices, each on a different subnet, one cable connected, the other one via an access point (both connected to the same managed switch), i have configured static outbound NAT, as well as UPnP. This used to work, untill a few weeks ago (don't know exactly how long ago, since the ones using the devices didn't complain until after weeks).
I never anymore see any UPnP rules in Status –> UPnP & NAP-PMP
One of the devices is a Nintendo Switch, which I will use as an example. The connection test on the Nintendo Switch keeps saying the NAT-type is D, while after setting static outbound NAT, it should be B.See screenshots for relevant settings. Would really appreciate some help :)
-
Are you 100% sure that your switch pulled that IP address? The rules look correct, but if it isn't showing the correct NAT type then something about them must not be matching properly.
-
Hi jimp,
I'm sure it pulled the correct IP address. I checked it on the Switch itself (network settings as well as diagnostics). Also the IP shows 'online' (DHCP status) and I see a few active states when connected.
EDIT: And I see the correct entry in the ARP table. -
Anyone has another idea what the problem might be?
I read in an old thread here that adding multicast rules to the LAN might help, but i already have an allow all from LAN net to all, so that doesn't seem to make sense in this case.
-
OK, i somehow got it working. I'm not 100% sure what the problem was eventually. The changes:
Only disabled UPnP/NAT-PnP on OPT1; so now it's only on LAN enabled and only the Nintendo Switch and the same port range allowed.
Removed the static outbound rule for client on OPT1; so now there is only the static outbound rule for the Nintendo Switch left.
Created a port forward NAT rule to redirect all DNS requests to pfSense resolver on the LAN (and the same for OpenDNS on OPT1).
Redid the VLANs on my managed switchI'm 99.9% sure that I have the exact same VLAN config as before, but yeah, it also seems very unlikely that the problem was related to one of the other three settings, unless anyone has some other insights…
