Netgate Discussion Forum

    Simple NAT rule failure - SOLVED

      cofee

      Hi,

      I have a basic install (ver 2.1.5) and I made a simple NAT rule:
      WAN TCP * * WAN address 3389 192.168.99.2 3389

      I think this should work, but it does not. I checked the firewall logs and I found these rows:
      X date time WAN myip:50898 192.168.99.2:3389 TCP:S

      Why does it reject the package? The "info box" of the log rows says: Reverse Resolve with DNS, but I don't understand this.
      I'm able to connect to the 3389 port within the local network.

      Can someone help me?

      Thanks
      Cofee

        KOM

        Have you read this thread?  https://forum.pfsense.org/index.php?topic=81060.0

        That Reverse Resolve button is just a quick way to run a reverse lookup on the IP address listed.

          P3R

          @cofee:

          Hi,

          I have a basic install (ver 2.1.5) and I made a simple NAT rule:
          WAN TCP * * WAN address 3389 192.168.99.2 3389

          I think this should work, but it does not. I checked the firewall logs and I found these rows:
          X date time WAN myip:50898 192.168.99.2:3389 TCP:S

          Why does it reject the package?

          Because the source port of the incoming packet is 50898 (in most protocols the source port is randomized by the source node), not 3389 as your rule requires.

          If you make the source port "any", I think it should work better for you.

            cofee

            Thanks for the answers, but the solution was very simple :) I use addresses (as you can see) from RFC1918, and pfSense by default blocked these IPs on the WAN interface. I disabled this block feature in the menu Interfaces\WAN, and then my forward rule worked perfectly.

            P3R: the source port of course: any

            Best regards
            Cofee
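
A simplified model of the two explanations raised in this thread (a source-port mismatch, and the WAN option that blocks RFC 1918 sources), added here as an example; it is not part of the original posts and not pfSense code. The source address 192.168.1.50, the function names and the reason strings are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: the private networks the thread says pfSense blocks on WAN by default.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def port_ok(rule_port, port):
    # "*" is how the rule listing in the thread shows "any".
    return rule_port == "*" or int(rule_port) == port


def evaluate(pkt, fwd, block_private):
    """Return (verdict, reason) for a TCP SYN arriving on WAN.

    Assumption of this model: the interface-level private-network block is
    checked before the port forward gets a chance to pass the packet.
    """
    if block_private and is_rfc1918(pkt["src"]):
        return ("block", "rfc1918-source")
    if not port_ok(fwd["src_port"], pkt["sport"]):
        return ("block", "source-port-mismatch")
    if not port_ok(fwd["dst_port"], pkt["dport"]):
        return ("block", "no-matching-forward")
    return ("pass", "forward-to-%s:%d" % (fwd["target"], fwd["target_port"]))


# The rule from the first post: WAN TCP * * WAN address 3389 192.168.99.2 3389
FORWARD = {"src_port": "*", "dst_port": "3389",
           "target": "192.168.99.2", "target_port": 3389}
# Constructed packet: the log shows source port 50898; the source address is a
# made-up RFC 1918 host standing in for the poster's "myip".
SYN = {"src": "192.168.1.50", "sport": 50898, "dport": 3389}

if __name__ == "__main__":
    print(evaluate(SYN, FORWARD, block_private=True))
    print(evaluate(SYN, FORWARD, block_private=False))
    print(evaluate(SYN, dict(FORWARD, src_port="3389"), block_private=False))
```

With the block enabled, the SYN is dropped no matter how the forward is written; with it disabled, the same packet passes only because the rule's source port is "*".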
