NAT Rule Inconsistent behaviour on 2.0-RC1 (i386) and MLDONKEY



  • I have created a number of port forwards for bit torrent and MLDonkey traffic from WAN to OPT1

    Bit Torrent is NAT 1 Rule
    MLDonkey is NAT 2 Rule

    Port Forward NAT Rules
             If    Proto     Src. addr  Src. ports  Dest. addr  Dest. ports  NAT IP       NAT Ports
    Nat 1:   WAN   TCP/UDP   *          *           OPT1 net    6881 - 6884  192.168.3.2  6881 - 6884
    Nat 2:   WAN   TCP       *          *           WAN net     16662        192.168.3.2  16662

    The above rule works and has created an associated firewall rule in the rules section

    Port Forward NAT Rules
             Proto     Source  Port  Destination  Port         Gateway  Queue  Schedule
    F/W 1:   TCP/UDP   *       *     192.168.3.2  6881 - 6884  *        none
    F/W 2:   TCP       *       *     192.168.3.2  16662        *        none

    MLDonkey porttest reports OK for this configuration.

    I've read the manual and I still don't understand the following:

    • Why does the firewall rule F/W 2 associated with NAT 2 block traffic (reports the block on a proto value = TCP:S) if the Destination Address is changed from WAN or ANY to OPT1 net but the NAT 1 rule works using OPT1 net?

    Any assistance to understand why there is a different behavior would be greatly appreciated



  • Destination should be "WAN address" only, never anything else unless you have multiple public IPs. I updated this page with more info on how that works in 2.0.
    http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F
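
Why the destination of a port forward matters, as an added example that is not part of the original thread and is not pfSense code: pf applies port-forward (rdr) translation before the WAN filter rules, so a forward whose destination is not the address the packet was actually sent to never translates, and the untranslated SYN falls through to the default block. The WAN address 203.0.113.10 and the /24 mask for OPT1 are constructed assumptions; 192.168.3.2 and port 16662 are taken from the post.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values (assumptions, not from the thread): a documentation-range
# WAN address and a /24 mask for OPT1. Target host and port are from the post.
WAN_ADDR = ipaddress.ip_address("203.0.113.10")
OPT1_NET = ipaddress.ip_network("192.168.3.0/24")
TARGET = ipaddress.ip_address("192.168.3.2")

@dataclass(frozen=True)
class Packet:
    proto: str
    dst: ipaddress.IPv4Address
    dport: int

@dataclass(frozen=True)
class PortForward:
    """Simplified model of one rdr rule on the WAN interface."""
    proto: str
    dest: object  # address or network the packet must be addressed TO
    dport: int
    nat_ip: ipaddress.IPv4Address

    def apply(self, pkt):
        """Return the translated packet, or the packet unchanged on no match."""
        if isinstance(self.dest, ipaddress.IPv4Network):
            hit = pkt.dst in self.dest
        else:
            hit = pkt.dst == self.dest
        if hit and pkt.proto == self.proto and pkt.dport == self.dport:
            return Packet(pkt.proto, self.nat_ip, pkt.dport)
        return pkt

def wan_filter(pkt, pass_dst, pass_port, proto="tcp"):
    """Associated WAN pass rule; everything else hits the default block."""
    ok = pkt.proto == proto and pkt.dst == pass_dst and pkt.dport == pass_port
    return "pass" if ok else "block"

def evaluate(nat_dest):
    """Translate first, then filter, for a TCP SYN sent to the WAN address."""
    syn = Packet("tcp", WAN_ADDR, 16662)
    translated = PortForward("tcp", nat_dest, 16662, TARGET).apply(syn)
    return translated.dst, wan_filter(translated, TARGET, 16662)

if __name__ == "__main__":
    for label, dest in (("WAN address", WAN_ADDR), ("OPT1 net", OPT1_NET)):
        print(label, *evaluate(dest))
```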

