To NAT or not to NAT thats the question !



  • Hi people

    I have some strange NAT problems and can'n get em solved.
    I am using the PFSense BETA 1.0 on my WRAP and want to FTP and SSH from the universe :-) to my home server.
    I set up for example SSH in NAT like this

    WAN Interface -> Proto TCP -> Port 22 -> NAT IP 192.168.192.4 -> Port 22

    And the firewall rule on the WAN interface is that

    WAN Interface -> Proto TCP -> Source  * -> Port 22 (SSH) -> Destination 192.168.192.4 -> Port 22 (SSH)

    but it won't work :-(
    when I am @home ( from within LAN) it works well and when I am connected via PPTP it is ok too.
    Well I do not get it , some of you maybe ? please help

    FTP is working neither from outside nor from inside out.

    WHAARG !

    so long …and thx



  • FTP is under observation atm and it looks that something is a bit borked there.

    To access your pfsense from WAN-side you don't need a NAT. Simply create a pass rule at WAN with protocol tcp from source any, port any, destination interface adress, port SSH.



  • thx for the answer…
    ...will ftp work better in beta 2 ?

    the thing with ssh is that i do not want to ssh to my pfsense box but to my FreeBSD server. and i think thats the point where i need a NAT rule for it.
    but this won't work either ! hmm..

    so long...



  • ssh works for now

    the source port for the rule was wrong, I set it to any

    thx

    http://forum.pfsense.org/index.php?topic=408.0



  • @tobsen:

    thx for the answer…
    ...will ftp work better in beta 2 ?

    we are working on it. check http://cvstrac.pfsense.com/timeline for improvements to expect in beta2.



  • @hoba:

    FTP is under observation atm and it looks that something is a bit borked there.

    To access your pfsense from WAN-side you don't need a NAT. Simply create a pass rule at WAN with protocol tcp from source any, port any, destination interface adress, port SSH.

    I have observed it not working to a remote FTP site.  ;D



  • same for me
      neither in, nor out  :o



  • OK … its working now in PREBETA2 ... so it should be working in the upcome release (whenever that will be)

    Thanks guys!!!


Locked