Not installing nat reflection rules.
-
Hi all,
new-be question. When I try to update NAT-rules in system log I get the following:
Oct 23 09:05:17 php: : Not installing nat reflection rules. Maximum 1,000 reached.
Oct 23 09:05:17 last message repeated 17 times
Oct 23 09:05:17 php: : Not installing nat reflection rules for a port range > 500
Could somebody explain what it means?
Thanks.Eugene.
-
I assume you activated NAT-reflection.
It just says what you've been warned about when you activated NAT-reflection:Note: Reflection only works on port forward type items and does not work for large ranges > 500 ports.
I didnt try that but i think it might work if you make multiple NAT-entries each with a port-range smaller than 500.
From the log-entry there is apparently a limit of 1000 reflection.
Do you really need more than 1000 Ports reflected?
-
Thanks for answering. Could you explain what is NAT-reflection?
I have number interfaces. I have several virtual IP-addresses and do outgoing mapping using them.
Of course there are some NAT port forwardings and three 1:1 instances.Thanks,
Eugene.
-
NAT reflection is:
Server int. Client
| /
| /
pfSense
(WAN-address)
|
|
ext. ClientYou have a NAT mapping from your WAN-address to your Server.
Your external Clients can access the server without problem.
But if an internal Client wants to access the Server on the WAN-address (NOT directly) you need NAT-reflection.
–> reflects a local request to the server.
-
Ok. Great. Thanks for the explanation.
But again dummy question: where I configure (enable/disable) this nat-reflection?Do you really need more than 1000 Ports reflected?
What do you mean by "port" here?
Thanks,
Eugene.
-
System –> Advanced --> Network Address Translation.
well... a port is... hmmm... a port ^^"
http://en.wikipedia.org/wiki/TCP_and_UDP_port
-
Thank you very much -)
Especially I liked "port is a port" -)))
