General NAT question as per sticky (Port Forward Troubleshooting)



  • http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting states "3. Client machine is not using pfSense as its default gateway."

    Hi All,

    I've been through the above sticky as part of my troubleshooting.  Could someone please explain to me why this is (point 3)?  What about dual homed hosts that have NICs without default gateway set?

    Apologies if I'm completely missing something.

    Regards,
    Wikus


  • LAYER 8 Global Moderator

    That is fine if you have another NIC on a different network that does not have a default gateway.  The point in the troubleshooting step is a good one.

    Let's say pfSense is 192.168.1.1, and your machine is 192.168.1.100 – there are multiple paths out of your network, let's say another gateway to a different ISP at 192.168.1.10

    If traffic hits pfSense and you forward it to .100, he will see the traffic, but since his default gateway is .10 he would send his response to that gateway. That most likely is not going to work, since the outside box sent to publicipA and is getting a response from publicipB (your other gateway's public IP)

    It's prob a rare sort of situation in home setups, but asymmetrical routing happens all the time.
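The check behind troubleshooting point 3, as an added example that is not part of the original thread: given the forwarded host's routing table, it uses longest-prefix match to find where the reply to an outside client goes and whether that is pfSense. The 192.168.1.x addresses come from the reply above; the client address, the 10.0.0.x network and all routing tables are constructed for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway, iface) routes.
    Returns (gateway, iface); gateway None means on-link. None if no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return None if best is None else (best[1], best[2])

def reply_is_symmetric(routes, firewall_ip, client_ip):
    """True if the host's reply to client_ip leaves via firewall_ip, the box
    that holds the NAT state for the forwarded connection."""
    hop = next_hop(routes, client_ip)
    return hop is not None and hop[0] == firewall_ip

PFSENSE = "192.168.1.1"
CLIENT = "203.0.113.50"  # constructed outside client (documentation range)

# Constructed routing tables for the forwarded host 192.168.1.100.
LAN = ("192.168.1.0/24", None, "eth0")
GOOD = [("0.0.0.0/0", "192.168.1.1", "eth0"), LAN]
# Default gateway is the second ISP router: the reply leaves from publicipB.
OTHER_GW = [("0.0.0.0/0", "192.168.1.10", "eth0"), LAN]
# Dual-homed, second NIC has no gateway: the default route is still pfSense.
DUAL_HOMED = GOOD + [("10.0.0.0/24", None, "eth1")]
# Dual-homed, default route on the other NIC: replies bypass pfSense.
DUAL_HOMED_BAD = [("0.0.0.0/0", "10.0.0.1", "eth1"),
                  ("10.0.0.0/24", None, "eth1"), LAN]
# No default route at all: the host cannot answer an outside client.
NO_DEFAULT = [LAN]

if __name__ == "__main__":
    tables = {"good": GOOD, "other gateway": OTHER_GW,
              "dual-homed": DUAL_HOMED, "dual-homed, wrong default": DUAL_HOMED_BAD,
              "no default route": NO_DEFAULT}
    for name, table in tables.items():
        ok = reply_is_symmetric(table, PFSENSE, CLIENT)
        print(f"{name}: reply via {next_hop(table, CLIENT)} ->",
              "OK" if ok else "port forward will appear broken")
```
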



  • Thanks for your help.

    Wikus

