PAT/NAT problem, bug - pfSense 1.2.3

warhed

Hello,

I am having a problem with two Firewall/NAT/PAT rules

The first one: Access pfSense Web GUI from WAN
Using the help guide here: http://doc.pfsense.org/index.php/Remote_firewall_Administration I was able to create an HTTPS:443 Firewall Rule that worked as I was able to reach the front pfSense Admin Web interface as stated.

Then i decided to do a PAT: I setup the rule to be port 44443 and to translate to HTTPS 443. The WAN Web Admin no longer worked.

I then accessed the pfSense unit from the LAN side via HTTPS 443, works fine as expected. From there I changed the pfSense Web Interface under General and chose HTTPS (already set) and port 44443. This would match the rule rather than translate from one port to another.

I altered the rule to be the same as the help guide, except choosing Other: 44443-44443 and also on the destination 44443-44443

Still does not work.

Reverting everything back to HTTPS from the drop down menu and changing the pfSense admin from 44443 to 443 allows me back in from the WAN

I have no other rules using HTTPS, 443, 44443 as this is a brand new setup.

Any suggestions?

warhed

I got this to work.

My pfsense Admin is configured for HTTPS and port 4443 under the General options.

I then redid the Firewall rule and under Source port range I put ANY rather than 4443.

Save, and then I was able to get in fine.

warhed

The second problem I had is that I cannot seem to get PAT - Port Address Translation to work.

I have a Belkin KVM with IP access. It awaits connects via Web on port 443.

I setup a rule in pfSense to accept port 44443 and translate that to 443 and to the IP of my Belkin KVM at 192.168.1.15

This does not work.

If I change the Belkin KVM IP HTTPS port from 443 to 44443 then I am able to access the unit.

Does "PAT"'ing not work with pfSense?

Nachtfalke

Use pfsense 2.0.1 and don't play with old and unsupported games :-)

warhed

I can move to pfSense 2.0.1 but it might have modules that won't work with it, yet, such as BandwidthD

What games do you mean? Not having any games server here (just yet)

;)

Nachtfalke

@warhed:

I can move to pfSense 2.0.1 but it might have modules that won't work with it, yet, such as BandwidthD

What games do you mean? Not having any games server here (just yet)

;)

Just kidding: games = pfsense :)

cmb

@warhed:

I can move to pfSense 2.0.1 but it might have modules that won't work with it, yet, such as BandwidthD

bandwidthd works fine, all packages at this point are in much better condition on 2.0.x than 1.2.3, they haven't been maintained on 1.2.3 in ages.

@warhed:

I setup a rule in pfSense to accept port 44443 and translate that to 443 and to the IP of my Belkin KVM at 192.168.1.15

This does not work.

If I change the Belkin KVM IP HTTPS port from 443 to 44443 then I am able to access the unit.

Does "PAT"'ing not work with pfSense?

of course it works, sounds like you don't know what source ports are (they're random, not the same as the destination), and that you aren't adding port forwards, expecting firewall rules to redirect traffic.
http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F