Netgate Discussion Forum

    LAN > WAN not working

      RCS-Michael

      Hi all,

      This is only my second pfSense firewall deployment but I have deployed m0n0walls for many years. My first pfSense went fine but did not use 1:1 NAT. This deployment does have 1:1 NAT configured and for some reason, the only computer which can access the WAN is the one with the 1:1 NAT mapping. The general LAN cannot access the WAN. Below are the portions of the config which I think are relevant. Please let me know if I have left anything out which could assist with troubleshooting. I have obfuscated the IP addresses used but it should be easy to read. Thank you for any help you can give me with this. Everything seems to be configured correctly but apparently I am missing something.

      <pfsense>
        <version>3.0</version>
        <system>
          <optimization>normal</optimization>
          <schedulertype>priq</schedulertype>
          <hostname>firewall</hostname>
          <domain>abc.lan</domain>
          <username></username>
          <password></password>
          <timezone>America/New_York</timezone>
          <time-update-interval/>
          <timeservers>0.pfsense.pool.ntp.org</timeservers>
          <webgui>
            <protocol>https</protocol>
          </webgui>
          <disablenatreflection>yes</disablenatreflection>
          <dnsserver>68.94..</dnsserver>
          <dnsserver>68.94..</dnsserver>
          <dnsallowoverride/>
        </system>
        <interfaces>
          <lan>
            <if>vr0</if>
            <ipaddr>192.168.1.1</ipaddr>
            <subnet>24</subnet>
            <media/>
            <mediaopt/>
            <bandwidth>100</bandwidth>
            <bandwidthtype>Mb</bandwidthtype>
          </lan>
          <wan>
            <if>vr1</if>
            <mtu/>
            <blockpriv/>
            <blockbogons/>
            <media/>
            <mediaopt/>
            <bandwidth>100</bandwidth>
            <bandwidthtype>Mb</bandwidthtype>
            <spoofmac/>
            <disableftpproxy/>
            <ipaddr>7...131</ipaddr>
            <subnet>29</subnet>
            <gateway>7...129</gateway>
          </wan>
        </interfaces>
        <staticroutes/>
        <nat>
          <ipsecpassthru>
            <enable/>
          </ipsecpassthru>
          <onetoone>
            <external>7...132</external>
            <internal>192.168.1.11</internal>
            <subnet>32</subnet>
            <descr>SERVER01</descr>
            <interface>wan</interface>
          </onetoone>
          <rule>
            <external-address>7...132</external-address>
            <protocol>tcp</protocol>
            <external-port>25</external-port>
            <target>SERVER01</target>
            <local-port>25</local-port>
            <interface>wan</interface>
            <descr>Forward SMTP to SERVER01</descr>
          </rule>
          <rule>
            <external-address>7...132</external-address>
            <protocol>tcp</protocol>
            <external-port>465</external-port>
            <target>SERVER01</target>
            <local-port>465</local-port>
            <interface>wan</interface>
            <descr>Forward SMTPS to SERVER01</descr>
          </rule>
          <rule>
            <external-address>7...132</external-address>
            <protocol>tcp</protocol>
            <external-port>80</external-port>
            <target>SERVER01</target>
            <local-port>80</local-port>
            <interface>wan</interface>
            <descr>Forward HTTP to SERVER01</descr>
          </rule>
          <rule>
            <external-address>7...132</external-address>
            <protocol>tcp</protocol>
            <external-port>443</external-port>
            <target>SERVER01</target>
            <local-port>443</local-port>
            <interface>wan</interface>
            <descr>Forward HTTPS to SERVER01</descr>
          </rule>
          <rule>
            <external-address>7...132</external-address>
            <protocol>tcp</protocol>
            <external-port>444</external-port>
            <target>SERVER01</target>
            <local-port>444</local-port>
            <interface>wan</interface>
            <descr>Forward WSS to SERVER01</descr>
          </rule>
          <rule>
            <external-address>7...132</external-address>
            <protocol>tcp</protocol>
            <external-port>1723</external-port>
            <target>SERVER01</target>
            <local-port>1723</local-port>
            <interface>wan</interface>
            <descr>Forward PPTP to SERVER01</descr>
          </rule>
          <rule>
            <protocol>tcp</protocol>
            <external-port>3389</external-port>
            <target>SERVER01</target>
            <local-port>3389</local-port>
            <interface>wan</interface>
            <descr>Forward RDP to SERVER01</descr>
          </rule>
          <rule>
            <external-address>7...132</external-address>
            <protocol>tcp</protocol>
            <external-port>4125</external-port>
            <target>SERVER01</target>
            <local-port>4125</local-port>
            <interface>wan</interface>
            <descr>Forward RDPProxy to SERVER01</descr>
          </rule>
          <rule>
            <external-address>7...132</external-address>
            <protocol>tcp</protocol>
            <external-port>987</external-port>
            <target>SERVER01</target>
            <local-port>987</local-port>
            <interface>wan</interface>
            <descr>Forward WSS 2 to SERVER01</descr>
          </rule>
          <rule>
            <external-address>7...132</external-address>
            <protocol>gre</protocol>
            <external-port/>
            <target>SERVER01</target>
            <local-port/>
            <interface>wan</interface>
            <descr>Forward GRE to SERVER01</descr>
          </rule>
          <advancedoutbound>
            <rule>
              <source>
                <network>192.168.1.0/24</network>
              </source>
              <sourceport/>
              <descr>Auto created rule for LAN</descr>
              <target/>
              <interface>wan</interface>
              <destination>
                <any/>
              </destination>
              <natport/>
            </rule>
          </advancedoutbound>
        </nat>
        <filter>
          <rule>
            <type>pass</type>
            <interface>wan</interface>
            <max-src-nodes/>
            <max-src-states/>
            <statetimeout/>
            <statetype>keep state</statetype>
            <os/>
            <protocol>tcp</protocol>
            <source>
              <any/>
            </source>
            <destination>
              <address>SERVER01</address>
              <port>25</port>
            </destination>
            <log/>
            <descr>NAT Forward SMTP to SERVER01</descr>
          </rule>
          <rule>
            <interface>wan</interface>
            <protocol>tcp</protocol>
            <source>
              <any/>
            </source>
            <destination>
              <address>SERVER01</address>
              <port>465</port>
            </destination>
            <descr>NAT Forward SMTPS to SERVER01</descr>
          </rule>
          <rule>
            <interface>wan</interface>
            <protocol>tcp</protocol>
            <source>
              <any/>
            </source>
            <destination>
              <address>SERVER01</address>
              <port>80</port>
            </destination>
            <descr>NAT Forward HTTP to SERVER01</descr>
          </rule>
          <rule>
            <interface>wan</interface>
            <protocol>tcp</protocol>
            <source>
              <any/>
            </source>
            <destination>
              <address>SERVER01</address>
              <port>443</port>
            </destination>
            <descr>NAT Forward HTTPS to SERVER01</descr>
          </rule>
          <rule>
            <interface>wan</interface>
            <protocol>tcp</protocol>
            <source>
              <any/>
            </source>
            <destination>
              <address>SERVER01</address>
              <port>444</port>
            </destination>
            <descr>NAT Forward WSS to SERVER01</descr>
          </rule>
          <rule>
            <interface>wan</interface>
            <protocol>tcp</protocol>
            <source>
              <any/>
            </source>
            <destination>
              <address>SERVER01</address>
              <port>1723</port>
            </destination>
            <descr>NAT Forward PPTP to SERVER01</descr>
          </rule>
          <rule>
            <interface>wan</interface>
            <protocol>tcp</protocol>
            <source>
              <any/>
            </source>
            <destination>
              <address>SERVER01</address>
              <port>3389</port>
            </destination>
            <descr>NAT Forward RDP to SERVER01</descr>
          </rule>
          <rule>
            <interface>wan</interface>
            <protocol>tcp</protocol>
            <source>
              <any/>
            </source>
            <destination>
              <address>SERVER01</address>
              <port>4125</port>
            </destination>
            <descr>NAT Forward RDPProxy to SERVER01</descr>
          </rule>
          <rule>
            <interface>wan</interface>
            <protocol>tcp</protocol>
            <source>
              <any/>
            </source>
            <destination>
              <address>SERVER01</address>
              <port>987</port>
            </destination>
            <descr>NAT Forward WSS 2 to SERVER01</descr>
          </rule>
          <rule>
            <interface>wan</interface>
            <protocol>gre</protocol>
            <source>
              <any/>
            </source>
            <destination>
              <address>SERVER01</address>
            </destination>
            <descr>NAT Forward GRE to SERVER01</descr>
          </rule>
          <rule>
            <type>pass</type>
            <interface>lan</interface>
            <max-src-nodes/>
            <max-src-states/>
            <statetimeout/>
            <statetype>keep state</statetype>
            <os/>
            <source>
              <network>lan</network>
            </source>
            <destination>
              <any/>
            </destination>
            <log/>
            <descr>Default LAN -> any</descr>
          </rule>
        </filter>
        <aliases>
          <alias>
            <name>SERVER01</name>
            <address>192.168.1.11</address>
            <descr>Windows SBS Server</descr>
            <type>host</type>
            <detail>Entry added Tue, 30 May 2000 08:46:53 +0000||</detail>
          </alias>
        </aliases>
        <proxyarp/>
        <virtualip>
          <vip>
            <mode>proxyarp</mode>
            <interface>wan</interface>
            <descr>SERVER01</descr>
            <type>single</type>
            <subnet_bits>32</subnet_bits>
            <subnet>7...132</subnet>
          </vip>
        </virtualip>
      </pfsense>
