Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Nut remote access broken - needs nat?

    Scheduled Pinned Locked Moved NAT
    5 Posts 2 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alfredo
      last edited by

      Dear List,

      We ha(d) nut running at one server and the other servers connecting to that server in the same internal LAN. Since 2.0.2, none of the other servers can't connect anymore.

      Read  "The new default is to bind to localhost ONLY - you should add NAT rules for the NUT port (3493) to allow remote access." , but without success.

      So on the UPS connected server, tried to set a nat rule:

      
      If 	Proto 	Src. addr 	Src. ports 	Dest. addr 	Dest. ports 	NAT IP 	NAT Ports 	Description 	
      
      	[Firewall rule ID is managed with this rule] 	LAN 	TCP 	* 	* 	LAN address 	3493 	10.5.1.2 	3493 	  	
      	[edit rule]
      [delete rule] 	[add a new nat based on this one]
      
      

      But no luck,  :(

      Please help so that the other servers can connect again.

      Thanks, Alfredo

      1 Reply Last reply Reply Quote 0
      • G
        Gloom
        last edited by

        you need to NAT traffic on port 3493 from the lan to the loopback address and then add rules to allow the servers to use it.

        Never underestimate the power of human stupidity

        1 Reply Last reply Reply Quote 0
        • A
          alfredo
          last edited by

          Hi Gloom,

          Thanks,

          Please explain a bit more.

          Could you exactly tell me what set in the nat port forward screen.

          I set Destination: Type LAN Address, address empty (cannot be filled in)
          Destination port range: 3493-3493
          Redirect target IP 192.168.1.1 (address of this box which also has the actual UPS attached)
          Redirect target port: 3493

          Is that right?

          Which firewall rules should I set?

          Thanks,

          ALfredo

          1 Reply Last reply Reply Quote 0
          • G
            Gloom
            last edited by

            By default nut binds to 127.0.0.1 (Localhost) not to the LAN address.

            I'm assuming you have nut running on the PFSense box and are trying to connect to it from other servers on the lan. If I'm wrong then so is everything that follows.

            NAT  pfsense-lan-ip:3493 –> 127.0.0.1:3493

            Depending how restrictive your rules are you may well need to allow traffic through to 127.0.0.1 from the LAN

            Never underestimate the power of human stupidity

            1 Reply Last reply Reply Quote 0
            • A
              alfredo
              last edited by

              Hi Gloom,

              :) Thanks

              I guess the problem was that I was mixed up with the fields and that 'localhost' would not be accepted at the 127.0.0.1 address.

              Now it works:

              If: LAN
              Proto: TCP
              Scr. addr/Ports: * / *
              Dest Addr/Ports: 192.168.1.1/3493
              NAT IP/Ports: 127.0.0.1/3493

              Maybe the nut settings page should describe this a bit better.

              Thanks all,

              Alfredo.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.