NAT from internet to LAN Router through pfSense

  • I'm trying to connect to a computer from the internet through the ISP router, which is connected to pfSense (firewall), and pfSense is connected to a LAN router. I have a port forward and its respective rule in pfSense to the LAN router, but it seems that pfSense is not doing the NAT correctly. Could you give me a hand?

    The net scheme here:

  • @rgmagritte said in NAT from internet to LAN Router through pfSense:

    but it seems that pfSense is not doing the NAT correctly

    And you think, the other routers do their jobs?

    Show your NAT rules on pfSense, inbound and outbound.

  • @viragomann
    In the WAN tab I have this rule:
    IPv4 TCP Destination: (Router LAN) Port: 3389. No gateway, no source port and no source indicated.

    In the Port Forward tab:
    Interface: WAN, Protocol: TCP, Dest. Address: WAN Address, Dest. Port: 3389, NAT IP: (LAN Router), NAT Port: 3389

    In outbound:
    Automatic outbound NAT
    and auto rules:
    WAN port 500 autocreated isakmp
    and the same rule without port
    both autogenerated by default

    In the ISP router I have a port forward to the WAN gateway of pfSense.
    In the LAN router I have the port forward to the server IP and the correct port.

    Maybe I'm not doing the NAT correctly in pfSense?

  • You may also post screenshots here, that should work by copy and paste.

    And do both of your other routers also do masquerading on outbound towards the internet?

    On pfSense you can use Diagnostics > Packet Capture to see what the packets really do on the WAN and LAN interfaces.

  • @viragomann
    The problem was in the computer behind the LAN router; it wasn't accepting connections!
    But now, behind the same router (LAN router), I have another problem! I have an IP camera connected wirelessly, and it's impossible to access it from the internet. When the connection succeeds, it has taken a long time to do it, and sometimes I receive a "time exceeded" message!
    So, the question is: is there any kind of specific setting for these devices?
    Why is connecting so slow, and why does it sometimes not connect?
    I have also changed the port number to a lower one, from 21000 to 2000, but it still doesn't work!
    Any ideas?
    Thanks so much!

  • Are you able to connect to the cam from another subnet?
    Does the device provide a gateway setting?

  • I'm able to connect from a computer in the same net, 192.168.168...
    Yes! The device is set with a static IP and a specific port; the gateway is the LAN router IP.
    But I have tested the access from outside the LAN without pfSense, I mean, with only the ISP router connected to the LAN router, and it works perfectly! And fast! It is when I put pfSense between the routers that I can't connect to the cam from outside the LAN.
    I have to say that pfSense was reset to its factory defaults only some days ago and it has no packages installed, only LAN/WAN interfaces configured and 2 firewall NAT rules, one of them for the cam!
    Is there any specific setting for these devices? I ask because it sends video, and sometimes some devices require a different config!

  • LAYER 8 Global Moderator

    Why anyone in their right mind would expose an IP camera to the public internet is beyond me. Have you been living in a cave - the 1000s of IP cameras that security is just shit on? Why would you think it's OK to expose something like that to the public internet?

    If you want to watch your camera while you're out, then VPN into your network.

  • Yeah! I was watching the camera through VPN with pfSense OpenVPN, IPsec/L2TP, but recently I had to restore the pfSense config to default, and now I was testing the connection from the internet because I wasn't able to connect to the cam! Once the problem is resolved, I will enable my VPN server again. I know that if I connect by VPN it's easy to do it without any problem because I'm in the same net, but that's not the question! I'm having some NAT troubles in my pfSense configuration and that's what I'm trying to resolve! I would like to know what is delaying the connection to the cam while the connection to RDP, for example, is much faster!