Can't get NAT working



  • Hi

    I am having a difficult time getting my NAT working. I think there is a general firewall rules problem. Not sure if I got that right.

    I have the following situation:

    WAN: xxx.xxx.xxx.xxx
    PROD: 192.168.10.0/24
    TEST: 192.168.1.0/24

    • I would like to do a NAT from WAN port 80 to a Server in TEST port 22 (ssh)
    • I would like to allow any traffic from PROD to TEST and vice versa
    • All ports going in should be blocked (except for the NAT)
    • All ports going out should be open

    I have added all the screenshots…

    The communication between PROD and TEST works although sometimes quite slow...

    ![Screen Shot 2012-04-20 at 8.29.31 AM.png](/public/imported_attachments/1/Screen Shot 2012-04-20 at 8.29.31 AM.png)
    ![Screen Shot 2012-04-20 at 8.29.48 AM.png](/public/imported_attachments/1/Screen Shot 2012-04-20 at 8.29.48 AM.png)
    ![Screen Shot 2012-04-20 at 8.32.58 AM.png](/public/imported_attachments/1/Screen Shot 2012-04-20 at 8.32.58 AM.png)
    ![Screen Shot 2012-04-20 at 8.33.12 AM.png](/public/imported_attachments/1/Screen Shot 2012-04-20 at 8.33.12 AM.png)
    ![Screen Shot 2012-04-20 at 8.57.13 AM.png](/public/imported_attachments/1/Screen Shot 2012-04-20 at 8.57.13 AM.png)



  • Remove the static routes, as it says you never add static routes for locally attached networks. Note that this will remove the link route too, so you'll have to reboot after doing so; it'll drop off the network.

    Your firewall rules on internal interfaces are largely redundant. For instance on PROD, the first rule matches everything so the two subsequent rules do nothing. The second rule on TEST matches everything so the rest are redundant.

    Port forward config is fine. Troubleshooting steps for that here:
    http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
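
    As an added illustration (not code from the thread or from pfSense), a small Python model of first-match interface rules: it flags the kind of unreachable rules the reply describes on PROD and checks the asker's WAN policy (only the forwarded port reaches the TEST server). The server address 192.168.1.50 and the client address 203.0.113.7 are constructed for the example.

    ```python
    from ipaddress import ip_network

    # pfSense interface rules are first-match, so a rule that matches everything
    # hides every rule placed after it. Added example, not pfSense code.
    def make_rule(action, proto="any", src="any", dst="any", dport="any"):
        return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

    def _net(spec):
        return None if spec == "any" else ip_network(spec, strict=False)

    def covers(broad, narrow):
        """True if every packet matched by `narrow` is also matched by `broad`."""
        for key in ("proto", "dport"):
            if broad[key] != "any" and broad[key] != narrow[key]:
                return False
        for key in ("src", "dst"):
            b, n = _net(broad[key]), _net(narrow[key])
            if b is not None and (n is None or not n.subnet_of(b)):
                return False
        return True

    def shadowed_rules(rules):
        """Indices of rules that can never match because an earlier rule covers them."""
        return [i for i, r in enumerate(rules) if any(covers(e, r) for e in rules[:i])]

    def first_match(rules, pkt):
        """Action taken for a packet (a fully specified rule dict); default deny otherwise."""
        for r in rules:
            if covers(r, pkt):
                return r["action"]
        return "block"

    # Constructed PROD ruleset in the shape the reply criticises:
    # rule 0 already matches everything, so rules 1 and 2 are unreachable.
    PROD_RULES = [
        make_rule("pass"),
        make_rule("pass", src="192.168.10.0/24", dst="192.168.1.0/24"),
        make_rule("block", proto="tcp", src="192.168.10.0/24", dst="192.168.1.0/24", dport="22"),
    ]

    # Constructed WAN ruleset for the asker's policy. pf translates (rdr) before it
    # filters, so the rule a port forward creates matches the translated destination:
    # the TEST server (192.168.1.50 is a constructed address) on port 22.
    WAN_RULES = [
        make_rule("pass", proto="tcp", dst="192.168.1.50", dport="22"),
        make_rule("block"),  # explicit catch-all; pfSense's default deny does the same
    ]

    def wan_packet(dport, src="203.0.113.7"):  # constructed external client address
        return make_rule("?", proto="tcp", src=src, dst="192.168.1.50", dport=dport)
    ```

    Running `shadowed_rules(PROD_RULES)` reports `[1, 2]`, and `first_match(WAN_RULES, wan_packet("22"))` passes while `wan_packet("80")` is blocked.
    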

