Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Disable NAT Reflection - strange behaviour

    NAT
    1
    1
    2863
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      linuxninjas last edited by

      If you are struggling with NAT reflection when playing with VOIP phones then you might consider this :

      When you have the "Disable NAT Reflection" active (box checked) and you then un-check the box meaning that you are actually enabling the creation of reflection rules it
      seems that those rules are NOT created for the existing Firewall / NAT / forwarding rules.

      As such I needed to delete and recreate the firewall / NAT / forwarding rules and then those reflection rules are created for those newly created firewall / NAT / forwarding rules.

      I confirmed this by having a :

      • Disable NAT reflection checked
      • a port forward rule for ssh to a port 4100
      • ssh -p 4100 root@imft.zapto.org    to reach an internal server at imft.org via it's public (dynamic) DNS name did not work

      then I unchecked the "Disable NAT reflection" option
      ssh -p 4100 root@imft.zapto.org      still did not work

      then I deleted the firewall/NAT forwarding rule for 4100
      and recreated the exact same 4100

      now  ssh -p 4100 root@imft.zapto.org    works like a charm.

      My conclusion on this is that simple unchecking the box next to "Disable NAT reflection" won't fix your problem unless you recreate the existing firewall/NAT rules.

      Feel free to correct me,  I'm just learning pfsense.

      But I do have my asterisk server working in a DMZ network behind  pfsense and SIPphones both inside on the production LAN and outside pfsense can connect nicely to the asterisk server.

      The only thing missing is getting my wireless SIP phones working.  These are on another pfsense network segment.  (my blue if you have a ipcop background)

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy