NAT Problem



  • Hello,

    I have been using pfSense for many months, but for the last 3-4 days I have been trying to provide services (TeamSpeak, UT2k4) for friends.
    I configured the firewall with NAT and firewall rules, but I can't join anything from the web.

    When I try locally, it is OK.

    Example of NAT :
    WAN   UDP   7788   192.168.1.11 (ext.: any) 7788   UT2004Server

    Example of Rules :
    UDP   *   7788   192.168.1.11   7788 *       UT2004Server

    I have already reset the states and rebooted the firewall.

    My package suite :

    Lightsquid  
    OpenVPN-Enhancements
    Pubkey
    imspector
    squid Network
    squidGuard

    In the advanced settings I have this option, which is OK: Disable NAT Reflection

    I don't see where the problem is.
    (Sorry for my English.)

    PS: I access my web interface over the internet to configure my firewall (https).
    I don't use a DMZ for the moment.



  • Don't set the external address to any, but to "interface IP".
    Do you have anything blocked in the firewall settings?

    What error do your friends get when they are trying to join?

    Did you try to set the "static IP" option? (search the wiki for this)



  • I have rules to block traffic, but I placed the rules before the block.

    Don't set the external address to any, but to "interface IP".

    Hmm, the interface address of my LAN on the firewall?
    I don't have a lot of choice for that; it is any or external.

    They get no error; for example, when I try to join the UT server, it responds with N/A.



  • I tried with the web admin of this game, but NAT doesn't work.

    I authorized traffic on 8080 on the firewall.
    I activated Manual AON and added this rule:
    LAN    any  8080  *  8080  *  *  YES
    and tried with that:
    WAN    any  8080  *  8080  *  *  YES

    In port forwarding I have this:
      LAN  TCP/UDP  8080  192.168.1.11(ext.: 192.168.1.1) 8080

    The admin interface doesn't work over the internet.



  • Set to external, not any.

    You have a source port defined in your firewall rule for the NAT forwarding.
    Set the source port to any.
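
Why a fixed source port in the pass rule drops the game traffic, shown as an added example that is not part of the original thread: a minimal first-match rule evaluator run over constructed packets. The client address 203.0.113.50 and its source ports are assumptions; the rule fields follow the columns posted above (protocol, source, source port, destination, destination port).

```python
from dataclasses import dataclass

ANY = "*"
FIELDS = ("proto", "src", "src_port", "dst", "dst_port")

@dataclass(frozen=True)
class Flow:
    """Used both for a rule (fields may be ANY) and for a packet header."""
    proto: str
    src: str
    src_port: object
    dst: str
    dst_port: object

def rule_matches(rule: Flow, pkt: Flow) -> bool:
    # A rule field matches when it is the wildcard or equals the packet's field.
    return all(getattr(rule, f) in (ANY, getattr(pkt, f)) for f in FIELDS)

def evaluate(rules, pkt: Flow) -> str:
    # Any matching pass rule lets the packet in; otherwise the default deny applies.
    return "pass" if any(rule_matches(r, pkt) for r in rules) else "block"

# Rule as posted in the thread: source port pinned to 7788.
POSTED = Flow("udp", ANY, 7788, "192.168.1.11", 7788)
# Rule after the suggested change: source port any.
FIXED = Flow("udp", ANY, ANY, "192.168.1.11", 7788)

# Constructed packets, as seen after the port forward rewrote the destination.
# 203.0.113.50 is a documentation address standing in for a friend's client.
EPHEMERAL = Flow("udp", "203.0.113.50", 51514, "192.168.1.11", 7788)
SAME_PORT = Flow("udp", "203.0.113.50", 7788, "192.168.1.11", 7788)
OTHER_SVC = Flow("udp", "203.0.113.50", 51514, "192.168.1.11", 8080)

def verdicts(rule: Flow) -> dict:
    # Evaluate the three constructed packets against a single pass rule.
    samples = (("ephemeral", EPHEMERAL), ("same_port", SAME_PORT),
               ("other_svc", OTHER_SVC))
    return {name: evaluate([rule], pkt) for name, pkt in samples}

if __name__ == "__main__":
    print("posted:", verdicts(POSTED))
    print("fixed: ", verdicts(FIXED))
```

A client normally sends from an ephemeral source port, so only the rule with source port any lets it through, while the destination port still limits what is exposed.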



  • Firewall rules :
    TCP/UDP  *  *  *  8080  *

    Port forward :
    WAN  TCP/UDP  8080  192.168.1.11(ext.: any) 8080

    AON :
    WAN    192.168.1.0/24  *  *  *  *  *  YES
    WAN    any  8080  *  8080  *  *  YES

    I changed many parameters to try; nothing.



  • Can you do a tcp dump when someone connects?



  • I don't know if it is a bug, but since I modified NAT I have problems.
    Over the internet, except from my home, I can't access the web administration of pfSense.
    On my LAN I can access the game web admin, but not over the internet.

    Yesterday I used the option "reset to factory…" and still the same problems.
    I added the same rules (NAT + firewall) and now I can access the game web admin at my work but not when I am at my home (except via LAN).

    I deactivated "Block bogon networks" and now I can access my pfSense webadmin from anywhere.



  • I added a "dmz" to my configuration.

    Webadmin is on subnet 192.168.10.0
    LAN is on subnet 192.168.1.0

    I added rules and NAT.
    If I want to access the webadmin, it is only possible if I use 192.168.10.2, not possible if I use my DNS (dyndns is OK), but if I try from work or other LANs, I can access the webadmin (blank page).

    I used Wireshark:
    It tries to connect on the right port (8080).

    To test, I installed a simple Apache2.
    I deleted all block rules and added NAT rules; nothing can access my DMZ from the internet.
    I tried a lot of possible configurations; nothing changes.

    I think it is a bug; NAT is OK for ssh but KO for others :/

    Does anyone have an idea?



  • Upgraded to 1.2.3 RC3…. now it is OK...

    Finally: not all OK...

