Netgate Discussion Forum

    NAT Rule Inconsistent behaviour on 2.0-RC1 (i386) and MLDONKEY

    • shanepark

      I have created a number of port forwards for BitTorrent and MLDonkey traffic from WAN to OPT1.

      Bit Torrent is NAT 1 Rule
      MLDonkey is NAT 2 Rule

      Port Forward NAT Rules
              If   Proto    Src. addr  Src. ports  Dest. addr  Dest. ports  NAT IP       NAT Ports
      Nat 1:  WAN  TCP/UDP  *          *           OPT1 net    6881 - 6884  192.168.3.2  6881 - 6884
      Nat 2:  WAN  TCP      *          *           WAN net     16662        192.168.3.2  16662

      The above rule works and has created an associated firewall rule in the rules section.

      Port Forward NAT Rules
              Proto    Source  Port  Destination  Port         Gateway  Queue  Schedule
      F/W 1:  TCP/UDP  *       *     192.168.3.2  6881 - 6884  *        none
      F/W 2:  TCP      *       *     192.168.3.2  16662        *        none

      MLDonkey porttest reports OK for this configuration.

      I've read the manual and I still don't understand the following:

      • Why does the firewall rule F/W 2 associated with NAT 2 block traffic (reports the block on a proto value = TCP:S) if the Destination Address is changed from WAN or ANY to OPT1 net but the NAT 1 rule works using OPT1 net?

      Any assistance to understand why there is a different behavior would be greatly appreciated.

      • cmb

        Destination should be "WAN address" only, never anything else unless you have multiple public IPs. I updated this page with more info on how that works in 2.0.
        http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F

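Added example, not part of the thread or of pfSense itself: a small Python model of the evaluation order pf uses for inbound traffic (port-forward translation first, then filter rules against the translated destination), run against the MLDonkey forward from the first post. The WAN address 203.0.113.10 and the /24 mask for OPT1 are assumptions; the thread states only 192.168.3.2 and port 16662.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: the thread gives only 192.168.3.2. The WAN address
# (documentation range) and the /24 mask for OPT1 are assumptions.
WAN_ADDRESS = ipaddress.ip_network("203.0.113.10/32")
OPT1_NET = ipaddress.ip_network("192.168.3.0/24")
TARGET = ipaddress.ip_address("192.168.3.2")

@dataclass(frozen=True)
class Packet:
    proto: str
    dst: ipaddress.IPv4Address
    dport: int

@dataclass(frozen=True)
class PortForward:
    proto: str
    dest: ipaddress.IPv4Network   # "Dest. addr" column of the NAT rule
    ports: range
    nat_ip: ipaddress.IPv4Address

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto == self.proto and pkt.dst in self.dest
                and pkt.dport in self.ports)

def inbound(pkt, forwards, pass_rules):
    """Apply the first matching port forward, then filter the result."""
    for fwd in forwards:
        if fwd.matches(pkt):
            pkt = Packet(pkt.proto, fwd.nat_ip, pkt.dport)
            break
    for proto, dst, ports in pass_rules:
        if pkt.proto == proto and pkt.dst == dst and pkt.dport in ports:
            return "pass", pkt.dst
    return "block", pkt.dst       # no pass rule matched: default deny

# Associated firewall rule F/W 2 from the post: TCP to 192.168.3.2:16662.
PASS_RULES = [("tcp", TARGET, range(16662, 16663))]
# A SYN from the Internet is addressed to the WAN IP, not to an OPT1 host.
SYN = Packet("tcp", WAN_ADDRESS.network_address, 16662)

def evaluate(nat_destination):
    fwd = PortForward("tcp", nat_destination, range(16662, 16663), TARGET)
    return inbound(SYN, [fwd], PASS_RULES)

if __name__ == "__main__":
    print("Dest = WAN address:", evaluate(WAN_ADDRESS))
    print("Dest = OPT1 net:   ", evaluate(OPT1_NET))
```

In this model the forward with destination "OPT1 net" never matches the incoming SYN, so the packet reaches the filter still addressed to the WAN IP and falls through to the default block.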
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.