Timeouts and Poor performance with 1 to 1 NAT?



  • I appreciate any tweaks anyone can give regarding my problem.

    I have PFsense 1.2.2 running with a webserver behind it. General performance is OK, but if there are reference links on a page (these are relative links), the page will time out when accessed. I know that this is a firewall issue because I can fire up an older ipcop firewall that is NATing the same IP and the web pages load just fine. This is running on a vmware server. I don't think that vmware has much, if anything, to do with it, considering that the old ipcop firewall is in the VM as well. It appears as though there is something not quite right with NATing and the session information it is retaining.

    Any ideas are greatly appreciated.
    Thanks,
    Pat
    :)



  • FYI,
    I found the issue. There were actually a few different problems.
    First, the webserver was referencing both private and public IP addresses that correspond to the private IP.

    Second, the firewall does not support NAT reflection unless you utilize port forwarding.

    The fix was easy. I set up all services to use port forwarding, enabled NAT reflection under advanced options, and also
    modified the LAN rule source to * (any) to fix the problem.

    What gave it away was that the webserver (with ipcop in front of it) could access webpages via the public IP,
    and with PFsense it could not. PFsense does some actual sessioning versus ipcop providing only basic NAT.

    PFsense was not the issue!!
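
Added example (not part of the thread or of pfSense): a Python check that lists the link targets in a page and flags those hard-coded to an RFC 1918 address or to the server's public IP, the mix the poster found on the webserver. The sample HTML and the addresses 192.168.1.10 and 203.0.113.10 are constructed placeholders.

```python
"""Classify link targets in a page served from behind 1:1 NAT (added example)."""
from html.parser import HTMLParser
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Explicit RFC 1918 ranges; ipaddress.is_private also covers documentation ranges.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class LinkCollector(HTMLParser):
    """Collect every href/src attribute value in document order."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(value)


def classify(url, public_ip):
    """Say what kind of address a link is pinned to, if any."""
    parts = urlsplit(url)
    if parts.hostname is None:
        # No host: resolved against whatever address the client already used.
        return "relative" if not parts.scheme else "no-host"
    try:
        addr = ip_address(parts.hostname)
    except ValueError:
        return "hostname"        # depends on DNS, not checked here
    if any(addr in net for net in RFC1918):
        return "private-ip"      # not reachable for clients on the WAN side
    if addr == ip_address(public_ip):
        return "public-ip"       # LAN clients and the server itself need NAT reflection
    return "other-ip"


def audit(html, public_ip):
    """Return (url, classification) for every link in the page."""
    collector = LinkCollector()
    collector.feed(html)
    return [(u, classify(u, public_ip)) for u in collector.links]


# Constructed sample page (placeholder addresses, not from the thread).
SAMPLE = """
<a href="/about.html">About</a>
<img src="http://192.168.1.10/logo.png">
<link href="http://203.0.113.10/site.css" rel="stylesheet">
<a href="http://www.example.com/docs/">Docs</a>
"""
```

Calling `audit(SAMPLE, "203.0.113.10")` returns one `(url, classification)` pair per link; a page that mixes `private-ip` and `public-ip` entries will load differently depending on which side of the firewall the client is on.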

