Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cant set up nat please help

    Scheduled Pinned Locked Moved NAT
    5 Posts 3 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kage
      last edited by

      ok i used to use pfSense about a year and a half ago as the firewall for my small server/network… worked great no problems.

      i just started using it again and i cant get my NAT to work at all.... i have a webserver (internal ip 192.168.1.158 lets say) it runs web (80) ssh (22) and 2 other services on other ports. i have set up nat to forward these ports:

      example:
      If          Proto  Ext. port range    NAT IP                                Int. port range
      WAN  TCP/UDP  80 (HTTP)  192.168.1.158(ext.: any)     80 (HTTP)

      nothing... cant connect to it.
      before you ask yes i have changed the webgui port, and furthermore NONE of the other forwards are working either.

      when i uncheck "Disable NAT Reflection" in system->advanced settings it works perfectly, except for the fact that i can not access any external from my network (lets say i type http://www.google.ca into my browser, it says google in the address bar but gives me my own server)

      can someone tell me what im doing wrong? thanks in advance!

      1 Reply Last reply Reply Quote 0
      • J
        j2b
        last edited by

        Check your WAN interface firewall rules to allow from ANY to 192.168.1.158 IP address, adding corresponding ports. This is what I could not understand. On other firewalls you allow packets on external IP address and port, and afterwards (after getting through), your FW translates them to internal address. In PFsense this is done differently (my gess is PF system), that asks to allow traffic to internal IP address, because NAT is done before filters, rather than after them. The second - check outgoing NAT. If it does not work, then you are getting packets in, but outward packets could not figure the way out. The same - check your gateway settings on HTTP host. Please post, whether this works or not, as well others are welcome to comment my assumptions.
        Regards…

        1 Reply Last reply Reply Quote 0
        • K
          kage
          last edited by

          i am not sure what you are suggesting i do, i have added the rules for the forwarding, i gave an example of the WAN rule in my first post, this is the rule auto created by pfSense when i create the port forward. furthermore, even with "disable firewall" checked, it does not work… but then again with "disable firewall" checked i can not get any internet at all

          does anyone have a solution to what i am doing wrong, i love pfSense but if i can not get this fixed in the next 12 hours i have to abandon it :(

          thanks in advance, again

          1 Reply Last reply Reply Quote 0
          • Cry HavokC
            Cry Havok
            last edited by

            With so little information nobody will be able to tell you what's wrong.

            So, let's start with:

            1. What version of pfSense are you using (eg 1.2.3-RC1 embedded or 1.0 full install)
            2. What is your WAN IP and LAN IP (hide the last number of each if you wish, but don't make them up).
            3. What changes have you made from the default install?
            1 Reply Last reply Reply Quote 0
            • K
              kage
              last edited by

              version: 1.2.3 RC-1
              my lan ip of my server: 192.168.1.158 (static lease)
              only changes i have made since install is to change my dhcp server to only lease 100->155 instead of 199, so that i could staticly lease 158.

              i have just removed 1.2.3RC1 and installed 1.2.2 and it works perfect so … i dont know what the problem was but it is working now

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.