Nut remote access broken - needs nat?

  • Dear List,

    We ha(d) nut running at one server and the other servers connecting to that server in the same internal LAN. Since 2.0.2, none of the other servers can't connect anymore.

    Read  "The new default is to bind to localhost ONLY - you should add NAT rules for the NUT port (3493) to allow remote access." , but without success.

    So on the UPS connected server, tried to set a nat rule:

    If 	Proto 	Src. addr 	Src. ports 	Dest. addr 	Dest. ports 	NAT IP 	NAT Ports 	Description 	
    	[Firewall rule ID is managed with this rule] 	LAN 	TCP 	* 	* 	LAN address 	3493 	3493 	  	
    	[edit rule]
    [delete rule] 	[add a new nat based on this one]

    But no luck,  :(

    Please help so that the other servers can connect again.

    Thanks, Alfredo

  • you need to NAT traffic on port 3493 from the lan to the loopback address and then add rules to allow the servers to use it.

  • Hi Gloom,


    Please explain a bit more.

    Could you exactly tell me what set in the nat port forward screen.

    I set Destination: Type LAN Address, address empty (cannot be filled in)
    Destination port range: 3493-3493
    Redirect target IP (address of this box which also has the actual UPS attached)
    Redirect target port: 3493

    Is that right?

    Which firewall rules should I set?



  • By default nut binds to (Localhost) not to the LAN address.

    I'm assuming you have nut running on the PFSense box and are trying to connect to it from other servers on the lan. If I'm wrong then so is everything that follows.

    NAT  pfsense-lan-ip:3493 –>

    Depending how restrictive your rules are you may well need to allow traffic through to from the LAN

  • Hi Gloom,

    :) Thanks

    I guess the problem was that I was mixed up with the fields and that 'localhost' would not be accepted at the address.

    Now it works:

    If: LAN
    Proto: TCP
    Scr. addr/Ports: * / *
    Dest Addr/Ports:
    NAT IP/Ports:

    Maybe the nut settings page should describe this a bit better.

    Thanks all,