Netgate Discussion Forum

    Moved from UI EdgeRouter to PFSense, NAT Reflection still not working?

    NAT
    • Norlig

      I recently had an issue with my Ubiquiti EdgeRouter, where I was no longer able to reach the web service hosted on my server using my external domain name. I had NAT reflection turned on there.

      Unable to sort it out on the Ubiquiti EdgeRouter, I thought I'd give pfSense a try, never having tried it out before.
      I'm running it on an HP 800G2 Desktop mini, with tagged WAN and untagged LAN + managed switch.

      I got my home LAN online, and port forwarding is working from the WAN side.

      But when I try to access https://<domain-pointing-to-my-wan-IP-address>:<port>/ from the LAN side, it is not working.

      This was working fine before on the Ubiquiti router and I don't believe I changed anything there to break it.
      Now that I switched to pfSense and hopefully set it up right, it is still not working.

      I have Windows Firewall rules set up to allow edge traversal and to allow any remote IP address.

      Hopefully someone has suggestions as to what I can try.

      Some screenshots from pfSense:



      • Norlig @Norlig

        So this is embarrassing...

        I have a mail server for which I recently changed the password on my mail account; this mail service runs on my home server.

        I have a scheduled PowerShell script that goes through the logs of this mail service and automatically blocks incoming connections from IP addresses that try to brute-force the login or use my mail server as a forwarder. (A fail2ban script I made in PowerShell.)

        Apparently, since I changed the password to my account, my gateway IP (192.168.10.1) was blocked by this script, probably because I had not changed it on my phone.

        So it was not NAT reflection that was broken, it was my Windows firewall...

        I will change the PowerShell script now, to not block my gateway IP :)

        Also going back to the Ubiquiti router, as I was able to get IPsec to work there, while I find it very advanced for pfSense.

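The fix described in the last post (keeping the gateway IP out of the automatic block list) can look like the sketch below. This is an added example, not the poster's script, which is not shown in the thread: the log format, the threshold and the decision to only report other internal addresses instead of blocking them are assumptions. Hairpinned (NAT-reflected) connections can reach the server with the router's LAN address as their source, so failed logins from any LAN device may be counted against that single address.

```powershell
# Added example: allowlist-aware auto-block logic. Log format and values are constructed.
$apply      = $false             # set to $true to create firewall rules (needs admin)
$threshold  = 3                  # failed logins before action is taken (assumed value)
$neverBlock = @('192.168.10.1', '127.0.0.1')   # gateway IP from the post, plus loopback

# Constructed sample log lines in a hypothetical format; adapt $pattern to the real log.
$logLines = @(
    '2025-01-10 08:01:12 AUTH FAILED user=admin ip=203.0.113.45'
    '2025-01-10 08:01:14 AUTH FAILED user=root ip=203.0.113.45'
    '2025-01-10 08:01:15 AUTH FAILED user=test ip=203.0.113.45'
    '2025-01-10 08:05:00 AUTH FAILED user=me ip=192.168.10.1'
    '2025-01-10 08:06:00 AUTH FAILED user=me ip=192.168.10.1'
    '2025-01-10 08:07:00 AUTH FAILED user=me ip=192.168.10.1'
    '2025-01-10 08:09:30 AUTH FAILED user=me ip=192.168.10.57'
    '2025-01-10 08:09:40 AUTH FAILED user=me ip=192.168.10.57'
    '2025-01-10 08:09:50 AUTH FAILED user=me ip=192.168.10.57'
    '2025-01-10 08:10:00 AUTH OK user=me ip=198.51.100.7'
)
$pattern = 'AUTH FAILED .*ip=(?<ip>\d{1,3}(?:\.\d{1,3}){3})'

function Test-PrivateAddress {
    # True for RFC 1918 and loopback IPv4 addresses.
    param([string]$Ip)
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    return ($b[0] -eq 10) -or ($b[0] -eq 127) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# Count failures per source address and keep those at or above the threshold.
$offenders = $logLines |
    ForEach-Object { if ($_ -match $pattern) { $Matches['ip'] } } |
    Group-Object |
    Where-Object { $_.Count -ge $threshold }

foreach ($g in $offenders) {
    $ip = $g.Name
    if ($neverBlock -contains $ip) {
        Write-Output "SKIP   $ip ($($g.Count) failures): allowlisted infrastructure address"
    } elseif (Test-PrivateAddress $ip) {
        Write-Output "REVIEW $ip ($($g.Count) failures): internal host, not auto-blocked"
    } else {
        Write-Output "BLOCK  $ip ($($g.Count) failures)"
        if ($apply) {
            New-NetFirewallRule -DisplayName "AutoBlock $ip" -Direction Inbound `
                -Action Block -RemoteAddress $ip | Out-Null
        }
    }
}
```

Logging the skipped and review cases keeps the evidence that a device behind the gateway is failing to authenticate, which is what pointed to the stale password on the phone here.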
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.