Netgate Discussion Forum

    Not installing nat reflection rules.

    • Eugene

      Hi all,
      Newbie question. When I try to update NAT rules, I get the following in the system log:
      Oct 23 09:05:17 php: : Not installing nat reflection rules. Maximum 1,000 reached.
      Oct 23 09:05:17 last message repeated 17 times
      Oct 23 09:05:17 php: : Not installing nat reflection rules for a port range > 500
      Could somebody explain what it means?
      Thanks.

      Eugene.

      http://ru.doc.pfsense.org

      • GruensFroeschli

        I assume you activated NAT-reflection.
        It just says what you've been warned about when you activated NAT-reflection:

        Note: Reflection only works on port forward type items and does not work for large ranges > 500 ports.

        I didn't try that, but I think it might work if you make multiple NAT entries, each with a port range smaller than 500.
        From the log entry there is apparently a limit of 1000 reflections.
        Do you really need more than 1000 ports reflected?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
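
Added example (not part of the original posts and not pfSense code): a small Python summary of the warnings quoted in the first post, counting each reflection message and expanding syslog's "last message repeated N times" line. The category names `max_reached` and `range_too_large` are labels chosen here for illustration.

```python
import re
from collections import Counter

# Log lines copied from the first post in this thread.
SAMPLE_LOG = """\
Oct 23 09:05:17 php: : Not installing nat reflection rules. Maximum 1,000 reached.
Oct 23 09:05:17 last message repeated 17 times
Oct 23 09:05:17 php: : Not installing nat reflection rules for a port range > 500
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+(.*)$")
REPEAT = re.compile(r"^last message repeated (\d+) times?$")
REFLECTION = re.compile(r"Not installing nat reflection rules(.*)$")

def classify(message):
    """Map a reflection warning to the limit it reports, or None."""
    m = REFLECTION.search(message)
    if not m:
        return None
    detail = m.group(1)
    if "Maximum" in detail:
        return "max_reached"
    if "port range" in detail:
        return "range_too_large"
    return "other"

def summarize(log_text):
    """Count reflection warnings, expanding syslog repeat lines."""
    counts = Counter()
    previous = None  # classification of the last real message
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(2)
        rep = REPEAT.match(body)
        if rep:
            # A repeat line stands for N more copies of the previous message.
            if previous:
                counts[previous] += int(rep.group(1))
            continue
        previous = classify(body)
        if previous:
            counts[previous] += 1
    return dict(counts)

if __name__ == "__main__":
    for reason, n in summarize(SAMPLE_LOG).items():
        print(f"{reason}: {n}")
```

On the log from the first post this reports 18 "maximum reached" warnings and one "port range > 500" warning for a single reload.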

        • Eugene

          Thanks for answering. Could you explain what NAT reflection is?
          I have a number of interfaces. I have several virtual IP addresses and do outgoing mapping using them.
          Of course there are some NAT port forwardings and three 1:1 instances.

          Thanks,
          Eugene.

          • GruensFroeschli

            NAT reflection is:

            Server    int. Client
                  |        /
                  |      /
              pfSense
            (WAN-address)
                  |
                  |
              ext. Client

            You have a NAT mapping from your WAN-address to your Server.
            Your external Clients can access the server without problem.
            But if an internal Client wants to access the Server on the WAN-address (NOT directly) you need NAT-reflection.
            –> reflects a local request to the server.

            • Eugene

              Ok. Great. Thanks for the explanation.
              But again, a dummy question: where do I configure (enable/disable) this NAT reflection?

              Do you really need more than 1000 Ports reflected?

              What do you mean by "port" here?

              Thanks,
              Eugene.

              • GruensFroeschli

                System --> Advanced --> Network Address Translation.

                well... a port is... hmmm... a port ^^"
                http://en.wikipedia.org/wiki/TCP_and_UDP_port

                • Eugene

                  Thank you very much -)
                  I especially liked "port is a port" -)))

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.