1:1 NAT outbound traffic (newbie)

  • Hi!

    I have added a 1:1 NAT for my web server
    WAN  83.140.x.x/32  192.168.x.x/32

    … and a rule to permit incoming http requests
    TCP  *  *  192.168.x.x  80 (HTTP)  *

    But I cannot access Internet from my web server. Isn't it covered by the  Default LAN -> any rule?

  • Is this the real WAN IP? Or do you try to make use of an additional IP? In that case you need to create a VIP at your WAN first for the additional IP before you can NAT it.

  • No this is a Proxy ARP VIP. The incoming http traffic rule is working, but I can't access Internet from the web server.

  • What's in front of your WAN (pfSense NIC)? Gateway at the server is correct? So clients coming from externally do see the http page it hosts? DNS is correct and working on the server?

  • Clients coming from externally do see the http pages. All LAN hosts have Internet access except the 1:1 NAT:ed server. If I use port fowarding instead of 1:1 NAT everything works as expected and the server has Internet access. But I would like the 1:1 NAT:ed setup.

  • I experience the same issue with 1:1 NAT, regardless of whatever I try under pfsense 1.01.  Any ideas how I might go about troubleshooting this issue?

Log in to reply