Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    2 WAN&1LAN setup, NAT not working

    Scheduled Pinned Locked Moved NAT
    10 Posts 4 Posters 990 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      Zotyo
      last edited by

      Hi,

      I have two internet providers, one is configured on WAN having it's own GW-WAN and OPT1 having it's own GW-OPT1. In my LAN I have one mail server and would like to forward port 110 to it. I have set up 2 NAT rules, one for WAN address and one for OPT1 address, both pointing to internal IP on port 110 TCP.

      Now the strange thing:

      telnet WAN 110 -> works fine
      telnet OPT1 110 -> does not work

      I have monitored the incoming traffic and see the source IP where I launched the telnet command in the list. What am I doing wrong? In the past everything worked fine. I have just done a fresh install with 2.5.1. Here it doesn't work anymore.

      Thanks, Zoltan

      1 Reply Last reply Reply Quote 0
      • S
        slu
        last edited by slu

        Known issue:
        https://redmine.pfsense.org/issues/11805

        pfSense Gold subscription

        Z T 2 Replies Last reply Reply Quote 1
        • Z
          Zotyo @slu
          last edited by

          @slu Thanks a lot for the quick update. Any idea when 2.6.0 is planned to be released?

          S 1 Reply Last reply Reply Quote 0
          • S
            slu @Zotyo
            last edited by

            @zotyo
            no.
            Waiting for weeks now...

            pfSense Gold subscription

            1 Reply Last reply Reply Quote 1
            • T
              testcb00 @slu
              last edited by testcb00

              @slu

              I would like to know if my problem is the same case.

              Currently my set up is
              0720.png

              I follow KOM's reply in my Post.
              https://forum.netgate.com/topic/163653/two-public-ip-a-b-one-dhcp-how-to-make-specific-internal-ip-use-ip-b?_=1622370294809

              I use this code to verify that I am using the second IP.

              wget -qO - https://wtfismyip.com/text
              

              However, today I want to test the Port Forward solution, I find that I am not able to use port in another IP.
              Is my case suffered from the bug which you mention?

              Sorry for my English.

              Z V 2 Replies Last reply Reply Quote 0
              • Z
                Zotyo @testcb00
                last edited by

                @testcb00 In my personal case I don't have the ASUS AC68U router. Both public IPs go directly to pfsense. I have read the message you were referring to and it looks a bit different then the one you are mentioning above. But I will try to answer your question.

                first of all: is your pfsense LAN in the same network as your Jail? If yes, then it should work, but only if your IP A is your main WAN connection on pfsense. If not, in my opinion, you should be affected by this bug.

                T 1 Reply Last reply Reply Quote 0
                • V
                  viragomann @testcb00
                  last edited by

                  @testcb00

                  If you're running 2.5.1 you're affected from this bug likewise.

                  However, with a router in front of one WAN interface, you may do a workaround if it is capable of masquerading on inbound connections.
                  So you could configure WAN B as your default gateway, while WAN A doesn't need any gateway due to masquerading.

                  T 1 Reply Last reply Reply Quote 1
                  • T
                    testcb00 @Zotyo
                    last edited by

                    @zotyo
                    Sorry for my misleading, IP B is my main WAN for pfSense. For other TrueNAS Jail (in default gateway - IP B), I can do port forwarding.
                    I can do port forwarding to my Raspberry Pi (direct connect to AC68U (IP A) in my Router.

                    1 Reply Last reply Reply Quote 0
                    • T
                      testcb00 @viragomann
                      last edited by

                      @viragomann
                      Currently IP B is my default Gateway. Today I add IP A (my previous network) as second WAN.
                      Do you mean that I can do some config in pfSense to get the IP A (second WAN) port forwarding function?

                      V 1 Reply Last reply Reply Quote 0
                      • V
                        viragomann @testcb00
                        last edited by

                        @testcb00 said in 2 WAN&1LAN setup, NAT not working:

                        Do you mean that I can do some config in pfSense to get the IP A (second WAN) port forwarding function?

                        As I mentioned, it depends on the capabilities of the router in front of the WAN interface. I don't know it. If it does masquerading incoming traffic it should work straight forward.
                        Some consumer routers do this by default.

                        Masquerading means that it translates the source IP of incoming forwarded packets into its own internal IP (also known as SNAT). This is what the outbound NAT does on pfSense.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.