New to pfSense. Need some help getting NATted servers accessible.



  • Hi.  This is my first post.  I've been using Endian, but I'm about to migrate to pfSense, granting I can get some issues sorted out.

    I have configured a new install via the ISO.  I have specified the LAN and WAN addresses.  I have tried setting NAT for one of my servers behind the FW, but I'm having a hard time connecting to it.  I have set the NAT and firewall rules.  I have also set the virtual IP (I've tried both proxyarp and other, both no luck).  I did not touch the settings in outbound (left it at auto), and I left the LAN rules the way they are (one entry that allows all LAN traffic).

    The issue I encounter is that I cannot ping the public IP of the NATted server.  I cannot access any ports that I have defined in my rules and NAT settings as well.  I know it's a firewall issue as I can connect to any servers from within the network. And from within the NATted server I can ping the firewall's private IP and public IP.  But for any other public IP I get a timeout (I even tried putting in a rule to allow any ICMP to anywhere but I'm still getting a timeout).

    Am I missing something here in the configuration?  I need to migrate all servers behind our Endian firewall to pfSense but I need to get this working first.

    Any help is much appreciated.

    Thanks



  • Did you check your system logs to see if the firewall is blocking your desired traffic?



  • For some strange reason, I had to reinstall pfSense with the exact same settings, and now it's working fine.

    Weird, but I'm not complaining.

    Question.  If I select 1:1 NAT, it's doing it symmetrically, right?  I need this for sipX (SIP server from SIPfoundry) and I'm having issues with no audio on incoming calls.



  • I have set up a VIP for my other public IP, then created a 1:1 NAT and added the appropriate firewall rules.  However, when the server using this IP communicates with the outside, it reflects the main firewall IP and not the virtual IP.  Shouldn't it be reflecting the VIP since it's a 1:1 NAT?  If not, then how can I have the outbound for this VIP display instead of the firewall's main IP?

    Please advise.



  • You may need to exclude that IP address from your outbound NAT rules or make a special outbound NAT rule for that IP.
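The two options in the reply above (a host-specific outbound NAT rule, or an exclusion) can be checked against a rule listing. This is an added example, not code from the thread: the rule text is constructed in the style of `pfctl -sn` output, the interface `em0` and all addresses are placeholders, and only `nat` / `no nat` lines with literal addresses are evaluated, in listed order with the first match winning.

```python
import ipaddress
import re

# Constructed samples (not from the thread). 203.0.113.2 stands in for the
# firewall's main WAN IP, 203.0.113.5 for the VIP, 192.168.1.10 for the server.
AUTO_ONLY = """\
nat on em0 inet from 192.168.1.0/24 to any -> 203.0.113.2 port 1024:65535
rdr on em0 inet proto tcp from any to 203.0.113.5 port = 5060 -> 192.168.1.10
"""
WITH_HOST_RULE = """\
nat on em0 inet from 192.168.1.10 to any -> 203.0.113.5
nat on em0 inet from 192.168.1.0/24 to any -> 203.0.113.2 port 1024:65535
"""
WITH_EXCLUSION = """\
no nat on em0 inet from 192.168.1.10 to any
nat on em0 inet from 192.168.1.0/24 to any -> 203.0.113.2 port 1024:65535
"""

# Matches "nat on IF ... from SRC to DST -> TARGET" and "no nat on IF ... from SRC to DST".
RULE = re.compile(r"^(no )?nat on (\S+) .*?from (\S+) to \S+(?: -> (\S+))?")


def outbound_source(rules_text, host, iface="em0"):
    """Return (translated_source_or_None, matching_line) for traffic leaving `iface`.

    None as the first element means the packet leaves untranslated
    (a `no nat` rule matched, or no nat rule matched at all).
    """
    addr = ipaddress.ip_address(host)
    for line in rules_text.splitlines():
        m = RULE.match(line.strip())
        if not m or m.group(2) != iface:
            continue  # rdr/binat lines and other interfaces are skipped
        no_nat, _, src, target = m.groups()
        if src != "any":
            try:
                if addr not in ipaddress.ip_network(src, strict=False):
                    continue
            except ValueError:
                continue  # tables and macros are not handled in this sketch
        return (None if no_nat else target), line
    return None, None


if __name__ == "__main__":
    for name, rules in [("auto only", AUTO_ONLY), ("host rule", WITH_HOST_RULE),
                        ("exclusion", WITH_EXCLUSION)]:
        print(name, "->", outbound_source(rules, "192.168.1.10"))
```

With only the subnet-wide rule present, the server's traffic leaves with the firewall's main address, which is the symptom described in the thread; a host-specific rule listed ahead of it changes the result to the VIP.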



  • What does this mean please?
    @bangsters:

    when the server using this ip communicates with the outside, it reflects the main firewall IP and not the virtual IP

    What does `pfctl -sn`

