Netgate Discussion Forum

having problems with port forwarding and nat and vpn

Routing and Multi WAN
  • C
    comet424
    last edited by Aug 16, 2018, 2:52 AM

    So with nslookup example.com I get:
    Server: pfSense.localdomain
    Address: 192.168.0.1

    Non-authoritative answer:
    Name: myexampe site
    Address: and my internet ip

    Typing in my WAN IP I get the pfSense warning page:
    This site is not secure

    This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.

    Then you click Details and go to the webpage, and the pfSense page loads up.
    I realize port 80 is for the pfSense page.

    And I remember for my D-Link router 8080 was for the router page from the internet, but I guess 80 for local or so.
    But it's like pfSense doesn't know whether it is for the webserver or for the pfSense admin page, and takes the pfSense.

    At least that's what I'm thinking it's doing.

    • T
      TheNarc @comet424
      last edited by Aug 16, 2018, 3:30 AM

      @comet424 I see it, sorry I should have seen it before. Get rid of the "mapping" for 192.168.0.224.

      • C
        comet424
        last edited by Aug 16, 2018, 3:39 AM

        Which one location? I did rename it to 192.168.0.11, that way it wasn't run by DHCP.

        Oh, and on the Xbox it doesn't work. It gets internet, I see the megabits send and receive in the LAN section on pfSense,
        but the double NAT is there and I get this other error:
        Can not get a Teredo IP Address
        I'm quitting for the night but will tackle it tomorrow.
        Solve one problem, another arises... lol

        • T
          TheNarc @comet424
          last edited by Aug 16, 2018, 2:03 PM

          @comet424 I've never had an xbox, but apparently they are rather picky about their network environment. Here are two fairly recent (2017) guides I found that may be helpful:
          https://digiex.net/threads/pfsense-step-by-step-guide-to-multiple-xbox-ones-open-nat-play-together-2-3-x.15094/
          https://www.ceos3c.com/pfsense/strict-nat-pfsense-ps4-xbox-fix/

          • C
            comet424
            last edited by Aug 16, 2018, 4:06 PM

            Yeah, I have followed both of those ways before and just did it again.

            If I do a clean install of pfSense and do either of those instructions, the Xbox opens.

            When I set up the VPN, it sees I have internet, but then I get the Teredo IP address error so the Xbox doesn't function anymore. So I must be missing a step.

            This is the tutorial I followed for the VPN:
            https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/

            So maybe one of those settings is buggering up the thing.
            I redid the setup and here are some pics:
            [attached screenshots: p4.JPG, p3.JPG, p2.JPG, p1.JPG]

            So I'm stumped. It works fine before I set up the VPN, but I set the VPN below the Xbox bypass so it should work. It must be a setting, just a check box that needs checking, I bet.

            • C
              comet424
              last edited by Aug 16, 2018, 4:14 PM

              Here are the UPnP settings I set too:
              [attached screenshots: p6.JPG, p5.JPG]

              • C
                comet424
                last edited by comet424 Aug 16, 2018, 4:22 PM Aug 16, 2018, 4:18 PM

                Also experiencing high packet loss from the Xbox, 22% packet loss,
                and I'm finding the computer slow and it wasn't sending pics.

                So frustrating, it should be working.

                And I disabled UPnP because the one article said it conflicts, but it's still not working.

                • C
                  comet424
                  last edited by Aug 17, 2018, 1:24 AM

                  So not having any luck.
                  If I reset pfSense and do it 2 different ways, the Xbox opens.
                  If I install the VPN it fails. I found an article on Reddit that I tried, but it didn't work for me.

                  Below are rules I'm just playing with. I tried going Xbox IP to WAN address and WAN net, which didn't work. If I set the destination to * or the any, it showed packets going as you see, but it also was sending at the VPN… it's not working just sending directly to the WAN interface. I'm so frustrated.
                  I do reboots of the pfSense and Xbox, nothing helps.

                  [attached screenshot: p1a.JPG]

                  • T
                    TheNarc @comet424
                    last edited by Aug 17, 2018, 2:46 PM

                    @comet424 I don't have a theory as to why just adding the VPN client connection breaks the xbox, since your firewall rule is excluding the xbox from going through the VPN. One thing that would at least be easy to try is to have a LAN firewall rule that directs all traffic whose source is NOT the xbox through the VPN. That way you don't have a firewall rule explicitly matching traffic from the xbox. However, I can't think of any way in which having a firewall rule matching traffic from the xbox would in any way cause problems. But if you want to try that, just disable all but the bottom two LAN firewall rules from your most recent screenshot. Enable the bottom "Default allow LAN to any" rule, and then edit the "NordVPN Canada LAN" rule above so that the Source is set to 192.168.0.49 with the "Invert match" box checked (i.e. the source is anything EXCEPT 192.168.0.49). I don't have high hopes for this, but I don't have any other ideas at the moment either.

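The two-rule layout suggested in the post above, as an added example that is not part of the original thread and is not pfSense code: a simplified Python model of top-down, first-match LAN rules with a policy-routing gateway, used to check which gateway each source address leaves through. The gateway name `NORDVPN_GW`, the host 192.168.0.20, the 192.168.0.0/24 LAN and the "Xbox bypass" rule name are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    descr: str
    source: str                # CIDR or "any"
    invert: bool = False       # models the "Invert match" box on Source
    gateway: str = "default"   # "default" = routing table (WAN in this thread)
    action: str = "pass"

    def matches(self, src_ip: str) -> bool:
        hit = self.source == "any" or (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source))
        return hit != self.invert

def egress(rules, src_ip):
    """Return (action, gateway, rule) for the first matching rule, top-down."""
    for rule in rules:
        if rule.matches(src_ip):
            return (rule.action, rule.gateway, rule.descr)
    return ("block", None, "implicit default deny")

XBOX = "192.168.0.49"      # address from the thread
PC = "192.168.0.20"        # constructed sample host
VPN_GW = "NORDVPN_GW"      # hypothetical gateway name

# Layout from the post: inverted-source VPN rule above the default allow rule.
suggested = [
    Rule("NordVPN Canada LAN", "192.168.0.49/32", invert=True, gateway=VPN_GW),
    Rule("Default allow LAN to any", "192.168.0.0/24"),
]

# Counter-case: a LAN-wide VPN rule placed above a bypass rule wins first match,
# so the bypass rule is never reached.
misordered = [
    Rule("NordVPN Canada LAN", "192.168.0.0/24", gateway=VPN_GW),
    Rule("Xbox bypass", "192.168.0.49/32"),
]

if __name__ == "__main__":
    for name, rules in (("suggested", suggested), ("misordered", misordered)):
        for host in (XBOX, PC):
            print(name, host, egress(rules, host))
```
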
                    • C
                      comet424
                      last edited by Aug 17, 2018, 6:00 PM

                      Ah OK, I'll give it a try. As you see, the first line for the Xbox gets data, as when I refresh it's getting packets, but at the same time the VPN is getting data too. Would any of the status logs help?
                      It's frustrating, as the guy in the Reddit article got it to work but when I tried it didn't work, so I emailed on there hoping he gets it. It has to be a check box, a glitch or something.
                      If I ever figure it out there needs to be a sticky so it shows anyone who solved this issue.
                      My only other idea was whether having 3 NICs, 1 for WAN, 1 for VPN LAN and 1 for non-VPN LAN, would work or possibly have the same issue. And I can't do this VLAN thing; I tried, as you need a switch that can handle VLANs, so that sucked.

                      And I still haven't solved the webserver behind the firewall either, but I haven't tried a clean install of pfSense with no VPN and tried port forwarding.
                      So who knows. Thanks so far for trying to help.

                      Guess you don't have a PS3 or PS4, as there are the same issues with it.

                      • T
                        TheNarc @comet424
                        last edited by Aug 17, 2018, 7:14 PM

                        @comet424 It's expected that you would see both firewall rules (the one for your xbox and the one for your VPN) getting traffic. And the fact that the xbox rule is getting traffic would seem to indicate that it's working. So I don't know why it's not.

                        For your web server, did you delete the outbound NAT rule, the one with the source of 192.168.0.224/32? I think if you get rid of that, it should work.

                        I don't have a gaming console myself. A family member has a PS3 that's on a home network I administer, also running pfSense with active VPN client tunnels. As far as I know they haven't had any issues and I didn't need to do any special configuration for the PS3 (in fact, it's not even excluded from the VPN, it's running through it I believe). So maybe the PS3 just doesn't have the same strict network requirements as the xbox?

                        I found this forum post, which may be useful:
                        https://forum.netgate.com/topic/106215/xbox-one-and-teredo-udp-port-3544

                        • C
                          comet424
                          last edited by Aug 17, 2018, 11:08 PM

                          Ah OK, I figured if the Xbox data is sending to the bypass VPN rule and the VPN, that would be the double NAT issue. I figured it's supposed to just go to the bypass VPN rule and not even touch the VPN rule.
                          Because you want traffic only on the bypass, not both, as that would cause the double NAT, would it not? It's sending data to both rules.

                          As for the webserver, I gave up on it at the moment. I changed it to a static IP of 192.168.0.11 and I played with the WAN rule and NAT. If I use a web browser and type in 192.168.0.11 it works fine, well, at least to the one website that's set up, as I want to run 5 different websites on my Windows 2016 server.
                          But if I type in, say, www.example.com, www.example2.com or www.example3.com, it keeps just hitting the pfSense router page.

                          As for the Xbox or PS3/PS4, they will work in double NAT, but if you want to have voice for multiple players so you can talk on the microphone, and a couple of other things, then both PS3/PS4 and Xbox 360/One have to be in Open NAT mode to function. I'll check out the link shortly, I appreciate the help.
                          It's too bad there are no visuals like you see in movies, where you can see "oh, the files are hitting the firewall, oh it stopped there, that's the problem". Too bad in real life we can't see that the data is moving from the Xbox, now it stops at this spot, oh this would be the reason, fix that and boom, it goes through, etc. lol

                          • C
                            comet424
                            last edited by comet424 Aug 17, 2018, 11:36 PM Aug 17, 2018, 11:29 PM

                            And when the VPN is off the Xbox NAT is Open. When it's on it goes double NAT. So I wonder,
                            can you block the Xbox's IP on the VPN, but not block it on the rest of the network?

                            I'm playing around with this block and reject I've seen under the rules, but I'm not sure if that's all you have to do.

                            • C
                              comet424
                              last edited by comet424 Aug 17, 2018, 11:43 PM Aug 17, 2018, 11:42 PM

                              When I play with the block I have in the pic below I get packet losses, but I keep trying.
                              I'm just trial-and-erroring things now,
                              as I figure I want to only allow the Xbox to access WAN but block access to VPN.
                              [attached screenshot: pp.JPG]

                              • C
                                comet424
                                last edited by Aug 18, 2018, 12:14 AM

                                I think I solved it, from what you were saying and the helping and how the rules go.
                                And then you mentioned that it's normal that it goes to WAN and also the VPN, and that got me thinking I need to block it.
                                It seems to be working. I have VPN for my computer and bypass for the Xbox and it's open. I'll test more tomorrow and get back to you, but this is what I did that seems to do the trick:
                                [attached screenshot: PP2.JPG]
