pfSense 2 NAT issue



  • Hi

    I'm having a couple of issues setting up what should be a relatively simple NAT setup on pfSense 2.

    I have one main WAN address 1.1.1.1

    I then have a block of 16 IPs that come in on 1.1.2.2/1.1.2.3 etc.

    I have the following LANs:

    10.0.0.0 (main lan)
    10.1.1.1 (other lan)
    10.2.2.2 (DMZ lan)

    I'm trying to do 1:1 NAT on my external IPs to the second LAN. I've added my external IPs as Virtual IPs, and I've done a 1:1 NAT from 1.1.2.2 to 10.1.1.50. Once that is active I can then ping the external IP.

    I put a firewall rule in to allow all TCP traffic for testing. When I scan the external IP from an external connection using nmap it shows the usual Windows IIS ports open… however, I cannot access port 80 at all...

    Is there something simple I'm missing here?

    Thanks in advance

    evano



  • I should add that nmap shows the ports that are opened are in a filtered state…



  • Where did you do your scan from?
    Actually from the outside or from within your network?
    Then this would apply: http://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F



  • I am definitely scanning the network from an external network… I have NAT reflection turned on in pfSense 2 regardless...

    Cheers

    evano



  • Could you show a screenshot of your firewall rules?



  • The www alias is set for LAN client 10.0.0.50.
    The wwwports alias is ports 80 and 443.

    The NAT is a 1:1 mapping from the external IP (removed from screenshot) to the internal LAN IP.

    A Virtual IP has also been set up…

    Thanks for the assistance






  • OK, sorry for the fuss, turns out my ISP was blocking port 80 DESPITE having a high level business connection!

    An FYI for the future: if nmap shows your ports as being filtered, this could be as a result of ISP level port blocking!

    Thanks for the help! :-)

