Simple NAT rule failure - SOLVED



  • Hi,

    I have a basic install (ver 2.1.5) and I made a simple NAT rule:
    WAN TCP * * WAN address 3389 192.168.99.2 3389

    I think this should work, but it does not. I checked the firewall logs and I found these rows:
    X date time WAN myip:50898 192.168.99.2:3389 TCP:S

    Why does it reject the package? The "info box" of the log rows says: Reverse Resolve with DNS. But I don't understand this.
    I'm able to connect to the 3389 port within the local network.

    Can someone help me?

    Thanks
    Cofee



  • Have you read this thread?  https://forum.pfsense.org/index.php?topic=81060.0

    That Reverse Resolve button is just a quick way to run a reverse lookup on the IP address listed.



  • @cofee:

    Hi,

    I have a basic install (ver 2.1.5) and I made a simple NAT rule:
    WAN TCP * * WAN address 3389 192.168.99.2 3389

    I think this should work, but it does not. I checked the firewall logs and I found these rows:
    X date time WAN myip:50898 192.168.99.2:3389 TCP:S

    Why does it reject the package?

    Because the source port of the incoming packet is 50898 (in most protocols the source port is randomized by the source node), not 3389 as your rule requires.

    If you make the source port "any", I think it should work better for you.



  • Thanks for the answers, but the solution was very simple :) I use addresses (as you can see) from RFC1918 and pfSense by default blocked these IPs on WAN interfaces. I disabled this block feature in the menu Interfaces\WAN, then my forward rule worked perfectly.

    P3R: the source port of course: any

    Best regards
    Cofee
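
The resolution described in the last post, as an added example that is not part of the original thread or pfSense's own code: a simplified first-match model of the WAN ruleset showing why a SYN from an RFC 1918 source is blocked before it reaches the pass rule for the port forward. The rule ordering, the labels, the function names and the client address 192.168.1.50 are assumptions made for illustration; the destination 192.168.99.2:3389 is the already-translated one shown in the log row.

```python
import ipaddress

# RFC 1918 ranges covered by the WAN "block private networks" option
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = ipaddress.ip_network("0.0.0.0/0")


def build_wan_rules(block_private):
    """Simplified WAN ruleset model: evaluated top-down, first match wins."""
    rules = []
    if block_private:
        # Assumption: the automatic block rules sit above user rules
        for net in RFC1918:
            rules.append({"action": "block", "src": net, "dst": None,
                          "dport": None,
                          "label": f"block private networks ({net})"})
    # Pass rule linked to the port forward; source and source port are "any"
    rules.append({"action": "pass", "src": ANY,
                  "dst": ipaddress.ip_address("192.168.99.2"),
                  "dport": 3389, "label": "NAT RDP forward"})
    return rules


def evaluate(rules, src, dst, dport):
    """Return (action, label) for a TCP SYN arriving on WAN after translation."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if src not in r["src"]:
            continue
        if r["dst"] is not None and dst != r["dst"]:
            continue
        if r["dport"] is not None and dport != r["dport"]:
            continue
        return r["action"], r["label"]
    return "block", "default deny"


if __name__ == "__main__":
    client = "192.168.1.50"  # constructed RFC 1918 client on the WAN side
    for opt in (True, False):
        print(opt, evaluate(build_wan_rules(opt), client, "192.168.99.2", 3389))
```

With the option enabled, the private-source SYN matches the block rule first, so the forward never gets a chance to pass it; a source outside RFC 1918 reaches the pass rule either way.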