Static Port Oubound NAT not working [it's working]

miafya · Dec 14, 2009, 3:40 PM

Not sure what I'm missing here…

I've turned on manual outbound NAT because I want static port mapping on one of our subnets. NAT is working great but it's still randomizing the ports.

See attached screen shot (second rule for the 10.11.0.0 network).

When I show states it's still showing entries like this:
10.11.0.154:64033 -> public.wan.address:64033 -> 64.12.25.191:443

So I assume it's still randomizing ports.

What am I missing?

GruensFroeschli · Dec 14, 2009, 3:39 PM

When I show states it's still showing entries like this:
10.11.0.154:64033 -> public.wan.address:64033 -> 64.12.25.191:443

Where do you see randomization?
Your client initiates a connection from 10.11.0.154:64033.
The pfSense uses the same port on the outside public.wan.address:64033. (<– The same as on the client)
The connection goes to it's destination 64.12.25.191:443.

danswartz · Dec 14, 2009, 6:27 PM

Seconded. It looks like it's doing exactly what it is supposed to be doing!

miafya · Dec 14, 2009, 6:30 PM

Looks like you're right. Sorry about the confusion!

I had assumed it wasn't working because the desired behavior (allowing some gaming consoles behind the pfsense box to nat properly) wasn't working. It turned out to be a problem with allowing multicast traffic on the subnet for UPnP.

Thanks for your help.