Netgate Discussion Forum

    1:1 NAT on pfSense 2.0.1

    General pfSense Questions
      mmerlone

      Greetings,

      I am trying to make a dead simple 1:1 NAT from one wan address to an internal server. I was assigned the x.x.x.152/29 address for my WAN from my ISP, and designated the ip x.x.x.154 for pfsense while x.x.x.153 is its gateway. I can use pfsense as gateway for internet just fine. Now I want to open my web server to the world. I first created a virtual IP x.x.x.155/29 on the WAN interface as an IP alias, then a 1:1 NAT pointing x.x.x.155 to 10.0.0.215, which is my web server and finally created a respective firewall rule on the wan interface allowing traffic from wan to 10.0.0.215 on port 80. The same as on http://www.youtube.com/watch?v=5lMRA1ntgz8

      Is that all? Have I missed something? With this setup x.x.x.155 opens up pfsense login screen and not my web server. Can anybody help me track what's wrong?

      Thanks and best regards.

        stephenw10 Netgate Administrator

        @mmerlone:

        finally created a respective firewall rule on the wan interface allowing traffic from wan to 10.0.0.215 on port 80.

        This sounds potentially incorrect. The firewall rule should allow traffic from source 'any' not from WAN.
        To resolve this as quickly as possible please post screen shots of your port forward rule and linked firewall rule.

        Steve

        Edit: Ah, I forgot to say: where are you testing this from? You can't test port forwards from the LAN side.

          mmerlone

          @stephenw10:

          This sounds potentially incorrect. The firewall rule should allow traffic from source 'any' not from WAN.

          I meant 'wan' tab, sorry.

          @stephenw10:

          To resolve this as quickly as possible please post screen shots of your port forward rule and linked firewall rule.

          There is no port forward rule, as per the docs, a 1:1 NAT would dismiss the need of a port forward, since it forwards ALL ports. Screenshots below.
          Translation: GVT5FIBRA => WAN

          2012-12-18_14-27-22.png
          2012-12-18_14-28-14.png
          2012-12-18_14-30-31.png
          2012-12-18_14-30-49.png

            stephenw10 Netgate Administrator

            @mmerlone:

            There is no port forward rule, as per the docs, a 1:1 NAT would dismiss the need of a port forward, since it forwards ALL ports.

            Indeed, my poor phrasing.  ::)

            That all looks good. You didn't say where you are testing from though. It won't work from LAN unless you have enabled NAT reflection and even then it's not a good test.
            http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

            Steve

              mmerlone

              @stephenw10:

              That all looks good. You didn't say where you are testing from though. It won't work from LAN unless you have enabled NAT reflection and even then it's not a good test.
              http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

              I enabled NAT reflection so I could try from the inside, but also tested on my phone using data connection - not wi-fi - and … and ... at first (and second) it did not work, now it is working. Wtf?!
              So, now it works from outside, but NAT reflection is not working, still opening pfsense login page. NAT reflection is something I can live without, no big deal.

              Thanks for your time.

                stephenw10 Netgate Administrator

                Hmm well it looks like NAT reflection should work with 1:1 NAT in 2.0.1.
                With significant config changes you often have to clear the state table to remove anything generated by the previous config.
                Diagnostics: States: Reset States

                Steve

                  santosh.das

                  Dear Steve,

                  I was also facing this same issue on my WAN network.
                  Following your solution of enabling NAT reflection, I no longer get the pfSense admin login page, but my web page was not shown.
                  But by checking the option below, I am able to view my required web pages.

                  "Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from"

                  Thanks a lot for your solution.

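A simplified model of the LAN-side behaviour discussed in this thread, added here as an example and not taken from any poster or from pfSense's own rule generation. It traces a LAN client connecting to the 1:1 address under three settings: no reflection, reflection alone, and reflection plus the same-subnet outbound NAT option quoted in the last post. The address 203.0.113.155 stands in for x.x.x.155; the firewall LAN address, LAN subnet and client addresses are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses: 203.0.113.155 stands in for the thread's x.x.x.155.
VIP = ip_address("203.0.113.155")      # WAN IP alias used by the 1:1 NAT
SERVER = ip_address("10.0.0.215")      # internal web server from the thread
FW_LAN = ip_address("10.0.0.1")        # assumed firewall LAN address
LAN = ip_network("10.0.0.0/24")        # assumed LAN subnet


def lan_client_result(client, reflection, same_subnet_nat):
    """Trace one TCP connection from an inside client to the VIP."""
    client = ip_address(client)
    src, dst = client, VIP

    # The 1:1 mapping only translates on WAN. Without reflection the packet
    # reaches the firewall's own alias address, so the firewall answers.
    if not reflection:
        return "firewall webGUI answers"

    # Reflection: the destination is rewritten to the internal server.
    dst = SERVER
    # Assist rule: the source is rewritten to the firewall's LAN address
    # when the packet goes back out to the subnet it came from.
    if same_subnet_nat and client in LAN and dst in LAN:
        src = FW_LAN

    # The server replies to whatever source address it saw.
    reply_src, reply_dst = dst, src
    if reply_dst == FW_LAN or reply_dst not in LAN:
        # Reply crosses the firewall (assumed to be the server's gateway),
        # whose state entry undoes the translations.
        reply_src, reply_dst = VIP, client
    # Otherwise server and client share the subnet: the reply is delivered
    # directly and never passes through the firewall.

    # The client connected to VIP, so it only accepts replies from VIP.
    if reply_dst == client and reply_src == VIP:
        return "web server page loads"
    return "reply from %s dropped by client (expected %s)" % (reply_src, VIP)


if __name__ == "__main__":
    for refl, nat in [(False, False), (True, False), (True, True)]:
        print(refl, nat, "->", lan_client_result("10.0.0.50", refl, nat))
```

The model does not cover stale state-table entries, which is why a states reset can still be needed after changing these settings.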