Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Timeouts and Poor performance with 1 to 1 NAT?

    NAT
    1
    2
    1454
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      beaven67 last edited by

      I appreciate any tweaks anyone can give regarding my problem.

      I have PFsense 1.2.2 running with a webserver behind it. General performance is ok but if there are reference links on a page.
      These are relative links, the page will timeout when accessed. I know that this is a firewall issue because i can fire up an older ipcop firewall that is natting the same ip and the web pages load just fine. This is running on a vmware server. I don't think that vmware has much if any to do with it considering that the old ipcop firewall is in the vm as well. It appears as thought there is something not quite right with Natting and the session information it is retaining.

      Any ideas are greatly appreciated.
      Thanks,
      Pat
      :)

      1 Reply Last reply Reply Quote 0
      • B
        beaven67 last edited by

        FYI,
                  I found the issue. There were actually a few different problems.
        First, The webserver was referencing both private and public ip addresses that correspond to the private ip.

        Second, The firewall does not support NAT reflection unless you utilize port forwarding.

        The fix was easy. I setup all services to use port forwarding and enabled nat reflection under advanced options and also
        modified the lan rule source to * (any) to fix the problem.

        What gave it away was that the webserver (with ipcop in front of it) could access webpages via the public ip.
        and with pfsense it could not. PFsense does some actual sessioning versus ipcop providing only basic nat.

        PFsense was not the issue!!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense Plus
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy