Netgate Discussion Forum

    I'm doing something wrong…. (NAT to internal server)

    • coachmark2

      I will do my best to keep my explanation brief. I'm piloting a PFSense box right now on an internal network (10.x.x.x).

      PFSense Primary "WAN" Address: 10.39.4.119
      PFSense Primary LAN Address: 192.168.1.1
      "Server" in question: 192.168.1.106
      External IP that should 1:1 to server: 10.39.3.100

      I have set up 10.39.3.100 as a VIP in PFSense. (Attached) I am able to ping it and get a response from an external machine after opening the appropriate firewall rules. I am currently running a continuous ping (ping -t). In the 1:1 NAT mapping, I have the pictured setup (Attached).

      Why do you think that the 10.39.3.100 address responds to pings, but doesn't seem to be correctly mapped to the "Server"? Disconnecting the server's ethernet port has no effect on the pings. They keep responding successfully. For reference, I am running a completely open firewall where traffic from anywhere on any port can flow both directions. I have automatic outbound NAT enabled.

      Where did I goof?

      NAT.PNG
      VIP.PNG

      • coachmark2

        :(
        ….

        ....

        It was Windows Firewall's fault. epic facepalm

        All is well now. A quick disabling of the Win Firewall allowed RDP sessions and pings in and out, and PFSense's automatic outbound NAT took over admirably. :D
