LAN > WAN not working



  • Hi all,

    This is only my second pfSense firewall deployment but I have deployed m0n0walls for many years. My first pfSense went fine but did not use 1:1 NAT. This deployment does have 1:1 NAT configured and for some reason, the only computer which can access the WAN is the one with the 1:1 NAT mapping. The general LAN cannot access the WAN. Below are the portions of the config which I think are relevant. Please let me know if I have left anything out which could assist with troubleshooting. I have obfuscated the IP addresses used but it should be easy to read. Thank you for any help you can give me with this. Everything seems to be configured correctly but apparently I am missing something.

    <!-- Excerpt of a pfSense config.xml as pasted into a forum post (config
         version 3.0). The element nesting looks scrambled by the page
         rendering: <webgui>, <disablenatreflection> and <dnsserver> appear
         inside <time-update-interval> below, so the parent/child structure
         should not be read literally. The bullet and "-" markers look like
         paste artifacts rather than configuration content. -->
    • <pfsense><version>3.0</version>
    • <system><optimization>normal</optimization>
        <schedulertype>priq</schedulertype>
        <hostname>firewall</hostname>
        <domain>abc.lan</domain>
        <!-- Credentials are shown masked in this paste. -->
        <username>***</username>
        <password>***</password>
        <timezone>America/New_York</timezone>
        <time-update-interval><timeservers>0.pfsense.pool.ntp.org</timeservers>
        <!-- The web GUI is served over HTTPS. -->
    • <webgui><protocol>https</protocol></webgui>
        <!-- NAT reflection is disabled, and the DNS server addresses are
             partially masked. -->
        <disablenatreflection>yes</disablenatreflection>
        <dnsserver>68.94..</dnsserver>
        <dnsserver>68.94..</dnsserver>
        <dnsallowoverride></dnsallowoverride></time-update-interval></system>
    <!-- Interface assignments. LAN is vr0 at 192.168.1.1/24. WAN is vr1 on a
         /29 with a masked address ending .131 and a gateway ending .129.
         The nesting of <mtu>, <blockpriv>, <blockbogons>, <spoofmac> and
         <disableftpproxy> around the address fields looks like a rendering
         artifact; they are presumably empty sibling elements in the real
         file. TODO confirm against the original config.xml. -->
    • <interfaces>- <lan><if>vr0</if>
        <ipaddr>192.168.1.1</ipaddr>
        <subnet>24</subnet>
        <media><mediaopt><bandwidth>100</bandwidth>
        <bandwidthtype>Mb</bandwidthtype></mediaopt></media></lan>
    • <wan><if>vr1</if>
        <!-- NOTE(review): <blockpriv> and <blockbogons> are present on WAN.
             In pfSense their presence normally enables blocking of private
             and bogon source networks on that interface; verify in the GUI. -->
        <mtu><blockpriv><blockbogons><media><mediaopt><bandwidth>100</bandwidth>
        <bandwidthtype>Mb</bandwidthtype>
        <spoofmac><disableftpproxy><ipaddr>7...131</ipaddr>
        <subnet>29</subnet>
        <gateway>7...129</gateway></disableftpproxy></spoofmac></mediaopt></media></blockbogons></blockpriv></mtu></wan></interfaces>
        <!-- NAT section: one 1:1 mapping, a list of inbound port forwards to
             the SERVER01 alias, and one advanced outbound NAT rule for the
             LAN. <staticroutes> opens here and only closes at the end of the
             paste, which looks like a rendering artifact. -->
        <staticroutes>- <nat>- <ipsecpassthru><enable></enable></ipsecpassthru>
        <!-- 1:1 NAT: the masked external address ending .132 is mapped to the
             internal host 192.168.1.11 (/32) on the WAN interface. -->
    • <onetoone><external>7...132</external>
        <internal>192.168.1.11</internal>
        <subnet>32</subnet>
        <descr>SERVER01</descr>
        <interface>wan</interface></onetoone>
        <!-- Inbound port forwards. Each rule maps a port on the external
             address to the same port on SERVER01. -->
    • <rule><external-address>7...132</external-address>
        <protocol>tcp</protocol>
        <external-port>25</external-port>
        <target>SERVER01</target>
        <local-port>25</local-port>
        <interface>wan</interface>
        <descr>Forward SMTP to SERVER01</descr></rule>
    • <rule><external-address>7...132</external-address>
        <protocol>tcp</protocol>
        <external-port>465</external-port>
        <target>SERVER01</target>
        <local-port>465</local-port>
        <interface>wan</interface>
        <descr>Forward SMTPS to SERVER01</descr></rule>
    • <rule><external-address>7...132</external-address>
        <protocol>tcp</protocol>
        <external-port>80</external-port>
        <target>SERVER01</target>
        <local-port>80</local-port>
        <interface>wan</interface>
        <descr>Forward HTTP to SERVER01</descr></rule>
    • <rule><external-address>7...132</external-address>
        <protocol>tcp</protocol>
        <external-port>443</external-port>
        <target>SERVER01</target>
        <local-port>443</local-port>
        <interface>wan</interface>
        <descr>Forward HTTPS to SERVER01</descr></rule>
    • <rule><external-address>7...132</external-address>
        <protocol>tcp</protocol>
        <external-port>444</external-port>
        <target>SERVER01</target>
        <local-port>444</local-port>
        <interface>wan</interface>
        <descr>Forward WSS to SERVER01</descr></rule>
    • <rule><external-address>7...132</external-address>
        <protocol>tcp</protocol>
        <external-port>1723</external-port>
        <target>SERVER01</target>
        <local-port>1723</local-port>
        <interface>wan</interface>
        <descr>Forward PPTP to SERVER01</descr></rule>
        <!-- NOTE(review): unlike every other forward in this list, the RDP
             rule carries no <external-address>, so nothing in this paste
             pins it to the 1:1 address; confirm which WAN address it binds
             to. The matching WAN filter rule for port 3389 appears to allow
             any source. RDP open to the whole internet is a frequent target
             of password guessing, so consider restricting the source
             addresses or reaching it only through a VPN. -->
    • <rule><protocol>tcp</protocol>
        <external-port>3389</external-port>
        <target>SERVER01</target>
        <local-port>3389</local-port>
        <interface>wan</interface>
        <descr>Forward RDP to SERVER01</descr></rule>
    • <rule><external-address>7...132</external-address>
        <protocol>tcp</protocol>
        <external-port>4125</external-port>
        <target>SERVER01</target>
        <local-port>4125</local-port>
        <interface>wan</interface>
        <descr>Forward RDPProxy to SERVER01</descr></rule>
    • <rule><external-address>7...132</external-address>
        <protocol>tcp</protocol>
        <external-port>987</external-port>
        <target>SERVER01</target>
        <local-port>987</local-port>
        <interface>wan</interface>
        <descr>Forward WSS 2 to SERVER01</descr></rule>
        <!-- The GRE forward shows no port values; <external-port> and
             <local-port> appear as wrappers in this paste. -->
    • <rule><external-address>7...132</external-address>
        <protocol>gre</protocol>
        <external-port><target>SERVER01</target>
        <local-port><interface>wan</interface>
        <descr>Forward GRE to SERVER01</descr></local-port></external-port></rule>
        <!-- Advanced outbound NAT: a single rule on WAN with source
             192.168.1.0/24 and destination any. No <enable> element is
             visible inside <advancedoutbound> in this paste, and <target>
             and <natport> show no value, so it cannot be determined from
             here whether manual outbound NAT is active or which address the
             LAN is translated to. Verify both in the original config. -->
    • <advancedoutbound>- <rule>- <source>
        <network>192.168.1.0/24</network>

    <sourceport><descr>Auto created rule for LAN</descr>
      <target><interface>wan</interface>

    • <destination><any></any></destination>
        <natport></natport></target></sourceport></rule></advancedoutbound></nat>
    <!-- Firewall rules. Ten WAN rules pair with the port forwards in the NAT
         section (destination is the SERVER01 alias), followed by one LAN
         rule. In every WAN rule the source appears to be "any"; the
         <destination> shown nested inside <any> looks like a rendering
         artifact. Only the first WAN rule and the LAN rule show
         <type>pass</type> and <log> in this paste. -->
    • <filter>- <rule><type>pass</type>
        <interface>wan</interface>
        <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
        <os><protocol>tcp</protocol>
    • <source>
        <any>- <destination><address>SERVER01</address>

    <port>25</port></destination>
      <log><descr>NAT Forward SMTP to SERVER01</descr></log></any></os></statetimeout></max-src-states></max-src-nodes></rule>

    • <rule><interface>wan</interface>
        <protocol>tcp</protocol>
    • <source>
        <any>- <destination><address>SERVER01</address>

    <port>465</port></destination>
      <descr>NAT Forward SMTPS to SERVER01</descr></any></rule>

    • <rule><interface>wan</interface>
        <protocol>tcp</protocol>
    • <source>
        <any>- <destination><address>SERVER01</address>

    <port>80</port></destination>
      <descr>NAT Forward HTTP to SERVER01</descr></any></rule>

    • <rule><interface>wan</interface>
        <protocol>tcp</protocol>
    • <source>
        <any>- <destination><address>SERVER01</address>

    <port>443</port></destination>
      <descr>NAT Forward HTTPS to SERVER01</descr></any></rule>

    • <rule><interface>wan</interface>
        <protocol>tcp</protocol>
    • <source>
        <any>- <destination><address>SERVER01</address>

    <port>444</port></destination>
      <descr>NAT Forward WSS to SERVER01</descr></any></rule>

    <!-- NOTE(review): the PPTP (1723, plus the GRE rule further down) and
         RDP (3389) rules expose remote-access services on SERVER01 to any
         WAN source, with no logging visible on these rules in this paste.
         Consider narrowing the source and enabling logging so that
         connection attempts are visible. -->
    • <rule><interface>wan</interface>
        <protocol>tcp</protocol>
    • <source>
        <any>- <destination><address>SERVER01</address>

    <port>1723</port></destination>
      <descr>NAT Forward PPTP to SERVER01</descr></any></rule>

    • <rule><interface>wan</interface>
        <protocol>tcp</protocol>
    • <source>
        <any>- <destination><address>SERVER01</address>

    <port>3389</port></destination>
      <descr>NAT Forward RDP to SERVER01</descr></any></rule>

    • <rule><interface>wan</interface>
        <protocol>tcp</protocol>
    • <source>
        <any>- <destination><address>SERVER01</address>

    <port>4125</port></destination>
      <descr>NAT Forward RDPProxy to SERVER01</descr></any></rule>

    • <rule><interface>wan</interface>
        <protocol>tcp</protocol>
    • <source>
        <any>- <destination><address>SERVER01</address>

    <port>987</port></destination>
      <descr>NAT Forward WSS 2 to SERVER01</descr></any></rule>

    • <rule><interface>wan</interface>
        <protocol>gre</protocol>

    • <source>
        <any>- <destination><address>SERVER01</address></destination>
        <descr>NAT Forward GRE to SERVER01</descr></any></rule>

    <!-- LAN rule: pass with keep state, source network "lan", destination
         any, logged. No <protocol> element is visible on this rule. This is
         the rule that should admit general LAN traffic at the filter level;
         the translation of that traffic is governed separately by the
         outbound NAT rule. -->
    • <rule><type>pass</type>
        <interface>lan</interface>
        <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
        <os>- <source>
        <network>lan</network>

    • <destination><any></any></destination>
        <log><descr>Default LAN -> any</descr></log></os></statetimeout></max-src-states></max-src-nodes></rule></filter>

    <!-- Alias and virtual IP definitions. SERVER01 is a host alias for
         192.168.1.11, the same internal address used by the 1:1 NAT entry.
         NOTE(review): the alias detail timestamp reads 30 May 2000, which
         suggests the system clock was unset when the alias was created.
         Confirm time sync works before relying on timestamps in this
         firewall's logs. -->
    • <aliases>- <alias><name>SERVER01</name>

    <address>192.168.1.11</address>

    <descr>Windows SBS Server</descr>
      <type>host</type>
      <detail>Entry added Tue, 30 May 2000 08:46:53 +0000||</detail></alias></aliases>
      <!-- Proxy ARP virtual IP on WAN for the single masked address ending
           .132 (/32), the external side of the 1:1 mapping. <proxyarp>
           wrapping <virtualip> looks like a rendering artifact. -->
      <proxyarp>- <virtualip>- <vip><mode>proxyarp</mode>
      <interface>wan</interface>
      <descr>SERVER01</descr>
      <type>single</type>
      <subnet_bits>32</subnet_bits>
      <subnet>7...132</subnet></vip></virtualip></proxyarp></staticroutes></pfsense>

