1:1 NAT not working



  • I've had an ancient computer running version 2.0.1 for about 3 years now.  Today I upgraded to an SG-2440 running 2.2.4-RELEASE.

    The 1:1 NAT rule is not working.  For the life of me I can't figure it out…  It was working in 2.0.1 and it is not working in 2.2.4.  All I'm trying to do is forward traffic from 1.2.31.202 to 10.100.1.202 on my LAN.  In 2.0.1, I added a Virtual IP and 1:1 NAT.  In 2.2.4, it just doesn't want to work.  I've even tried it after doing a factory reset so that the only things configured are the WAN and LAN interfaces and the NAT configuration.

    The WAN IP is 1.2.31.206.  If I add a rule to pass all ICMP packets, I can ping 1.2.31.206 but not 1.2.31.202.  I see no packets logged for the 1.2.31.202 rule.  I suspect that the virtual IP is the problem.

    If I key everything below into 2.0.1, it works.  If I key it into 2.2.4, it doesn't.  Perhaps there's a setting somewhere in 2.0.1 that was set long ago that I'm not aware of.



  • I did some more reading this morning.  Maybe it's different now vs 4 years ago when 2.0.1 was built…

    The thread below suggests setting them up as CARP VIPs and forwarding the appropriate ports instead of doing 1:1.  I'll give that a shot tonight.

    https://forum.pfsense.org/index.php?topic=4398.msg27284



  • Were you able to resolve your issue?

    I'm having the exact same problem.  Just need to do a simple 1:1 NAT to a server and it's not getting through.



  • I had some problems when upgrading from 2.1.x to 2.2.x. If you feel like trying, then maybe you could try this.

    In System < Admin < NAT

    • Set "NAT Reflection mode for port forwards" to NAT + Proxy
    • Checked "Enables the automatic creation of additional NAT redirect rules for access to 1:1 mappings of your external IP addresses from within your internal networks"
