Netgate Discussion Forum

    PfSense 2.2 - MultiWan - NAT

      nxT

      Hi guys!

      I have set up pfSense 2.2 in Proxmox VM100 with the Virtio driver.

      Created Linux Bridge vmbr0 with eth0 in Proxmox and bridged net0, net1, net2 with vmbr0 in the pfSense VM.

      In pfSense VM
      Assigned WAN1 (net0) - XXX.XXX.175.203
      Assigned LAN (net1) - 192.168.100.1
      Assigned WAN2 (net2) - XXX.XXX.162.220

      Created Gateway Groups
      WAN 1 : Tier 1
      WAN 2 : Tier 1

      Created firewall rules to support these groups

      Any client PC can browse and get combined gateway speed fine. FreeNAS is also working fine in VM101 in Proxmox.

      But I cannot get NAT working at all and cannot connect to any internal box with NAT from the public IP with ports. If I enable HTTPS (443) in the WAN firewall rules I can see the pfSense login page, but the NAT forwarding is not working at all.

      https://XXX.XXX.162.220:8006 -> 192.168.100.2:8006

      I also checked with external services and my PORTS are not blocked by ISP.

      I have another similar setup elsewhere with one WAN with pfSense 2.1.5 and the NAT works just fine there. So I tried removing one WAN from this box but had no luck.

      I am sure I am doing something wrong here, but my head is not working at this point and I cannot get past this. Can someone please lead me in the right direction? I will really appreciate it.

      Thanks

        nxT

        Actually the NAT is working.

        When I am loading from a remote network it works https://XXX.XXX.162.220:8006

        States
        WAN1LK tcp 192.168.100.2:8006(XXX.XXX.162.220:8006) <- 5.178.78.78:47805 FIN_WAIT_2:FIN_WAIT_2
        LAN tcp 5.178.78.78:47805 -> 192.168.100.20:32400 FIN_WAIT_2:FIN_WAIT_2

        But when I am loading https://XXX.XXX.162.220:8006 from a local client

        States
        LAN tcp XXX.XXX.162.220:8006 <- 192.168.100.102:50541 CLOSED:SYN_SENT

        I guess I need to add some rules for the local net? I have tried different combinations but can't figure it out. Hopefully someone can help me with this part.

        Thanks

          phil.davis

          This is a NAT reflection thing. The easy way is for internal LAN clients to use the actual LAN IP of the server - 192.168.100.2:8006. Whatever the DNS name on the public internet that resolves to XXX.XXX.162.220 is, say server.mycompany.example.com:
          Add a Host Override on pfSense for server.mycompany.example.com to 192.168.100.2
          Then internal LAN clients can use that name and go directly to 192.168.100.2, thus avoiding the whole NAT reflection thing.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
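
An added example, not part of any post in this thread: a small parser for state-table lines in the layout quoted above that flags the pattern from the second post, a LAN client stuck in SYN_SENT against the firewall's own public address. The WAN address is an RFC 5737 stand-in because the thread masks the real one, and the function names are hypothetical.

```python
import ipaddress
import re

# Assumptions for this sketch: the LAN subnet is the thread's 192.168.100.0/24;
# the WAN address is an RFC 5737 stand-in, since the thread masks the real one.
LAN_NET = ipaddress.ip_network("192.168.100.0/24")
WAN_IPS = {ipaddress.ip_address("203.0.113.220")}

# IFACE PROTO ADDR:PORT[(ORIG_ADDR:PORT)] <-|-> ADDR:PORT STATE
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<left>[\d.]+:\d+)(?:\((?P<orig>[\d.]+:\d+)\))?\s+"
    r"(?P<dir><-|->)\s+(?P<right>[\d.]+:\d+)\s+(?P<state>\S+)$"
)

def _ip(endpoint):
    return ipaddress.ip_address(endpoint.rsplit(":", 1)[0])

def classify(line):
    """Return (kind, source, destination) for one state line, or None."""
    m = STATE_RE.match(line.strip())
    if m is None:
        return None
    # With "<-" the destination is printed first; with "->" the source is.
    src, dst = (m["right"], m["left"]) if m["dir"] == "<-" else (m["left"], m["right"])
    if m["orig"] and _ip(m["orig"]) in WAN_IPS and _ip(dst) in LAN_NET:
        return ("port_forward", src, dst)       # WAN IP was rewritten to a LAN host
    if (_ip(src) in LAN_NET and _ip(dst) in WAN_IPS
            and "SYN_SENT" in m["state"].split(":")):
        return ("hairpin_stalled", src, dst)    # LAN client stuck on the public IP
    return ("other", src, dst)

def stalled_hairpins(lines):
    """(client, public target) pairs for every stalled LAN-to-WAN-IP attempt."""
    hits = (classify(l) for l in lines)
    return [(h[1], h[2]) for h in hits if h and h[0] == "hairpin_stalled"]

# Constructed sample in the layout of the states quoted in the thread.
SAMPLE = [
    "WAN tcp 192.168.100.2:8006(203.0.113.220:8006) <- 198.51.100.7:47805 ESTABLISHED:ESTABLISHED",
    "LAN tcp 198.51.100.7:47805 -> 192.168.100.2:8006 ESTABLISHED:ESTABLISHED",
    "LAN tcp 203.0.113.220:8006 <- 192.168.100.102:50541 CLOSED:SYN_SENT",
]

if __name__ == "__main__":
    for client, target in stalled_hairpins(SAMPLE):
        print(f"{client} -> {target}: use a Host Override or enable NAT reflection")
```

Each flagged pair is a client that would stop appearing once the name it uses resolves to the server's LAN address, as the Host Override described above arranges.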

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.