<![CDATA[Trying to translate external ips to get nat to work right. Help.]]>I have a client where their setup looks like this:

Cable modem (2.x.x.x)
|
Voip edge device (10.x.x.x)
|
PFSense showing WAN on 10.x.x.x

So when I port forward saying "WAN address" for destination, it's looking for 10.x.x.x instead of 2.x.x.x.

Now this voip device has me in a "dmz passthrough" type zone, but isn't passing ip addresses as such. How can I route say if someone wants to connect to our openvpn server, or even just to test it, the webgui for the router itself on port 80?

I've tried setting up firewall rules to allow port 80 for dest wan address, single ip address with 2.x.x.x or 10.x.x.x typed in there, and none seem to work.

Thanks.

]]>https://forum.netgate.com/topic/97439/trying-to-translate-external-ips-to-get-nat-to-work-right-helpRSS for NodeSun, 12 Apr 2026 13:16:16 GMTFri, 01 Apr 2016 20:13:06 GMT60<![CDATA[Reply to Trying to translate external ips to get nat to work right. Help. on Sat, 02 Apr 2016 15:17:21 GMT]]>@Derelict:

OK, then you need to Packet Capture to make sure the OpenVPN connections are hitting your WAN port then make sure there's a WAN rule passing the traffic.

Well I found out the phone guy reconfigured my pfsense to use dhcp instead of static on the wan, so it wasn't the dmz port. I emailed him and he gave me what is supposedly the dmz port ip. So I assigned that static, and did a packet capture on port 1195 and it captured nothing at all. I guess the ball is in his court now -_-

]]>https://forum.netgate.com/post/612550https://forum.netgate.com/post/612550Sat, 02 Apr 2016 15:17:21 GMT<![CDATA[Reply to Trying to translate external ips to get nat to work right. Help. on Sat, 02 Apr 2016 03:47:47 GMT]]>OK, then you need to Packet Capture to make sure the OpenVPN connections are hitting your WAN port then make sure there's a WAN rule passing the traffic.

]]>https://forum.netgate.com/post/612488https://forum.netgate.com/post/612488Sat, 02 Apr 2016 03:47:47 GMT<![CDATA[Reply to Trying to translate external ips to get nat to work right. Help. on Sat, 02 Apr 2016 01:47:33 GMT]]>@Derelict:

OK then it should be working if the "DMZ" is in place.  There are lots of other good troubleshooting steps on that link.
Diagnostics > Packet Capture WAN on the outside port that should be getting hit and see if the traffic is actually getting there.

Post what you've done for the Port Forward and its associated WAN firewall rule.

The outside users will have to connect to the 2. address but it will have nothing to do with anything on the pfSense port forward. pfSense's 10. address on its WAN will be the Destination address and the (as yet unspecified) inside host will be the NAT IP.

Since the pfsense itself is hosting the openvpn, it will be what the firewall rule is for. We have no need for port forwarding to anything inside the network.

]]>https://forum.netgate.com/post/612479https://forum.netgate.com/post/612479Sat, 02 Apr 2016 01:47:33 GMT<![CDATA[Reply to Trying to translate external ips to get nat to work right. Help. on Fri, 01 Apr 2016 21:43:41 GMT]]>OK then it should be working if the "DMZ" is in place.  There are lots of other good troubleshooting steps on that link.
Diagnostics > Packet Capture WAN on the outside port that should be getting hit and see if the traffic is actually getting there.

Post what you've done for the Port Forward and its associated WAN firewall rule.

The outside users will have to connect to the 2. address but it will have nothing to do with anything on the pfSense port forward. pfSense's 10. address on its WAN will be the Destination address and the (as yet unspecified) inside host will be the NAT IP.

]]>https://forum.netgate.com/post/612441https://forum.netgate.com/post/612441Fri, 01 Apr 2016 21:43:41 GMT<![CDATA[Reply to Trying to translate external ips to get nat to work right. Help. on Fri, 01 Apr 2016 20:40:16 GMT]]>@Derelict:

You have to port forward to pfSense from the cable modem.

See problem #8 https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

In your case the voip device is not between you and the internet, the cable modem is.  Or maybe both.

What do you mean? The cable modem is in full pass-through to the voip edge device. The voip edge device is putting the pfsense in a dmz zone forwarding all ports except voice related.

]]>https://forum.netgate.com/post/612433https://forum.netgate.com/post/612433Fri, 01 Apr 2016 20:40:16 GMT<![CDATA[Reply to Trying to translate external ips to get nat to work right. Help. on Fri, 01 Apr 2016 20:32:33 GMT]]>You have to port forward to pfSense from the cable modem.

See problem #8 https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

In your case the voip device is not between you and the internet, the cable modem is.  Or maybe both.

]]>https://forum.netgate.com/post/612431https://forum.netgate.com/post/612431Fri, 01 Apr 2016 20:32:33 GMT