Activate NAT function on pfsense



  • Hello,
    I just started to use pfsense and I need to activate the NAT function.
    I followed the steps indicated on the website (how to configure …) but it doesn't work as expected :/
    The rules are well defined (I guess...) but pfsense is working as a "bridge": it transfers the packets from the WAN to the LAN interface but doesn't direct the packet to the destination specified in the rule.

    I could use some help

    Thanks in advance!

    [Edit] I changed my configuration so pfsense is no longer working as a bridge, but it still doesn't NAT the packets even though the rule is specified.



  • Start by giving more information.
    A good thing to have is "I made this rule, wanted to see, and what I see is..".
    Can you send screenshots of your rules?



  • These are the rules I've specified (Just consider the one about rdp not ssh)

    I want to connect to a machine (192…22) from my computer (on the same network as pfsense) by connecting to pfsense (@ 192.168.0.136). So I think I specified the rule as I want pfsense to do it, but maybe I'm wrong.
    [EDIT] I forgot to specify that when I try to connect to pfsense, I watched (tcpdump) that the pkts arrive at the destination but don't reach 192….22

    Sorry if I'm not very clear. Don't hesitate to ask me for more details, I really need to do this right.



  • Try disabling the first rule on the WAN side, where it says "Block private networks".



  • Thank you very much!!
    I think it worked
    I'll try to make some more tests.
    Thanks again!



  • The reason for disabling this rule is that this pfsense isn't on the edge/perimeter.
    But if/when you want to make pfsense a perimeter firewall you should re-enable that rule.



  • OK,
    but if I enable this rule, how can I "enable" the rules I've specified?!



  • When you put pfsense directly connected to the WAN (no other NATs in between), then you just set up the WAN so that you can connect to the internet via pfsense and enable that "Block private networks" rule, and you should be fine.
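
An added illustration of the advice above (not part of any poster's message and not pfSense code): a small Python model of how a WAN connection is judged with "Block private networks" on or off. The rule ordering, the list of blocked ranges and every sample address are assumptions of this sketch.

```python
import ipaddress

# Source ranges dropped by the WAN "Block private networks" option:
# RFC 1918 plus loopback (assumed set for this sketch).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def wan_verdict(src, dst_port, forwards, block_private):
    """Return (action, reason) for a TCP connection arriving on WAN.

    forwards maps a WAN port to (target_ip, target_port); each entry is
    assumed to have its associated pass rule, as in the thread.
    """
    src_ip = ipaddress.ip_address(src)
    # The block-private rule sits above the user rules and matches on the
    # source address only, so it wins before any pass rule is consulted.
    if block_private:
        for net in PRIVATE_NETS:
            if src_ip in net:
                return ("block", f"source {src} is in {net}")
    if dst_port in forwards:
        ip, port = forwards[dst_port]
        return ("pass", f"forwarded to {ip}:{port}")
    return ("block", "no matching pass rule (default deny)")


# Constructed sample data: 10.10.10.22 is a placeholder for the internal RDP
# host, 192.168.0.50 a client on the same network as the pfsense WAN address,
# 203.0.113.7 a client on the internet.
FORWARDS = {3389: ("10.10.10.22", 3389)}

if __name__ == "__main__":
    for src in ("192.168.0.50", "203.0.113.7"):
        for block_private in (True, False):
            print(src, block_private,
                  wan_verdict(src, 3389, FORWARDS, block_private))
```

With the option on, the client on the private network is dropped even though the forward and its pass rule exist, while the internet client is forwarded either way.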



  • I also did the same configuration, but my NAT with port forwarding is still not working. Kindly help me to get it working..



  • @mohanrao83:

    I also did the same configuration, but my NAT with port forwarding is still not working. Kindly help me to get it working..

    Please provide your rules and topology, so we can have something to work on.



  • Sir, first I would like to thank you for the reply.

    First, you need to be aware that I am using pfsense 2.0 with the services squid, squid guard, light squid.

    Then I need to access my Windows MS SQL server RDP 3389 from outside the LAN, over the internet, like from my home.

    Now I go to the firewall option, in port forwarding I add a rule (+): interface WAN, source any, port any, destination WAN address, port 3389, Redirect target IP 172.16.4.145, Redirect target port 3389, NAT reflection system default, Filter rule association add associated filter rule, then SAVE.
    Then…............! I go to firewall rules, go to the WAN interface, and I see it automatically created a rule: TCP * * 172.16.4.145 3389 (MS RDP) * none   NAT

    Now I telnet to my pfsense from my home, telnet 183.182.85.38 3389, and it is not working.

    But when I ping this it replies, and telnet 183.182.85.38 22 works.

    Sir, can you please guide me on what to do.... to make it work.

    Thanks

    Mohan Rao



  • I don't know why telnetting to the ssh port works. But when you have a port forward rule for RDP, then the Windows host doesn't listen for telnet on that port and therefore it doesn't reply or work.
    If you have an msrdp port forward, test it with the msrdp client (win+r and type mstsc).



  • So now what do I do to make it work..
    Please help



  • @Metu69salemi:

    If you have an msrdp port forward, test it with the msrdp client (win+r and type mstsc).

    Try to connect your host with remote desktop client.



  • I also tried to connect from an outside broadband internet connection: Start, Run, mstsc, and typed my public IP; it did not connect.
    Is there any additional configuration for NAT or port forwarding on the pfsense server?



  • And you can connect to that client with RDP in the same LAN? Does that client have anti-virus/firewall software which might block the connection?



  • No sir, it connects easily in our LAN.
    And after I got your message I tried with the antivirus and Windows firewall disabled.
    Then mstsc connects only on my LAN; when I try from outside it's not working..
    Now…..!



  • Same problem here.

    The NAT/Rules migrated from 1.2.3 seem OK. I tried to recreate some of them, but I got the same result: no connection.

    There should be something there which is blocking the previous NAT / Rules way of working. I tested enabling and disabling the reflection but no luck.

    Metu69salemi: Telnet to a port (different than the traditional 22 port) is a good way to do a basic test of whether a port is open. If you get a black screen, it seems the port is open. Try it and you will see.



  • I fixed my problem. Here is my solution.

    On 1.2.3 I had the LAN card with two IPs (you needed to manually modify the config file for it). One used for routing (starts with 172) to other networks and the near LAN IP address (starts with 192). I also have a lot of static routes created using a gateway on the 172 network.

    The problem seems to be a bad startup of pfSense 2.0, because the IP aliases are set after the static routes are created. And there should be some problem with it, because they do not appear in netstat -r. And when I entered the webconfigurator some services were down (due to a blocked startup script, or one script exiting before ending due to an error?).

    I set the 172 IP address on the LAN and set the 192 IP address as an alias, doing a backup, edit, restore process. On the next reboot all the routes (netstat -r) were shown, all the processes were UP after the reboot, and the NAT works OK.

