Netgate Discussion Forum

    Disable NAT Reflection - strange behaviour

    linuxninjas

      If you are struggling with NAT reflection when playing with VoIP phones, then you might consider this:

      When you have "Disable NAT Reflection" active (box checked) and you then uncheck the box, meaning that you are actually enabling the creation of reflection rules, it seems that those rules are NOT created for the existing firewall / NAT / forwarding rules.

      As such, I needed to delete and recreate the firewall / NAT / forwarding rules, and then the reflection rules were created for those newly created firewall / NAT / forwarding rules.

      I confirmed this by having:

      • Disable NAT reflection checked
      • a port forward rule for ssh to port 4100
      • ssh -p 4100 root@imft.zapto.org to reach an internal server at imft.org via its public (dynamic) DNS name did not work

      Then I unchecked the "Disable NAT reflection" option.
      ssh -p 4100 root@imft.zapto.org still did not work.

      Then I deleted the firewall/NAT forwarding rule for 4100
      and recreated the exact same rule for 4100.

      Now ssh -p 4100 root@imft.zapto.org works like a charm.

      My conclusion on this is that simply unchecking the box next to "Disable NAT reflection" won't fix your problem unless you recreate the existing firewall/NAT rules.

      Feel free to correct me; I'm just learning pfSense.

      But I do have my Asterisk server working in a DMZ network behind pfSense, and SIP phones both inside on the production LAN and outside pfSense can connect nicely to the Asterisk server.

      The only thing missing is getting my wireless SIP phones working. These are on another pfSense network segment (my blue, if you have an IPCop background).
