I am running pfSense 2.4.1 and am trying to set up simple 1:1 NAT. I have failed horribly! Watched every video I could find on YouTube along with most everything posted here and nothing works. Even my son that is a Raytheon network engineer is stumped (although he is not familiar with pfSense).

My ISP (Charter Spectrum) has given me a block of 32 IPs, 29 usable.
The modems "LAN" uses x.x.x.97.
Radio links use x.x.x.99 & x.x.x.100.
pfSense box is x.x.x.104 with a netmask of 27 (

I have set up a VIP for x.x.x.110, x.x.x.110 NAT'd to along with the appropriate WAN firewall rule. It should be that simple. It was with < version 2 of pfSense except I used Proxy ARP instead of an IP Alias.

Once I set up the 1:1 NAT, I can access everything on the inside from external but nothing gets out from internal except I can ping anything from the inside. Web browsing internally fails, streaming fails (Netflix), etc. DNS seems to be ok internally, since when I do pings from internal, names are resolved to IPs and the RT of the pings are successful. When internal-to-external fails, I can go to System Logs/Firewall and I get the infamous "Default deny rule IPv4 (1000000103)" and/or "Default deny rule IPv4 (1000000104)". I have tried the "Easy Rule" add but it still fails. Acts like the LAN rules are being ignored which is totally bizarre! I even bounce the pfSense state tables after every change.

I claim to have tried everything and have found a need to double my xanax intake  ;)

Is there a way someone could point me to a posting/instruction/video I might have missed or give me some sort of hint what might be the issue? I know how difficult it is trying to visualize such without being there. I am a SW engineer having done communication coding myself (35 years now, yep, an old fart but can learn new tricks!) and thought I had a pretty good knowledge of the intricacies of networking. Hell, I can still translate a Wireshark hex dump into binary in my head so I am not too far gone... yet...

Any help would be greatly appreciated!!!

Anyone? I know it has just been a day but surely someone has run into an instance where it appeared LAN rules appear to be ignored. Is this simply a "free feature" of pfSense? I have a rule on the LAN to allow everything but that seems to be ignored as well. I have worked on this for weeks. I am pretty sure I am no fool and am almost convinced this is a problem/feature with pfSense. No conspiracy theorist either but maybe Netgate wants anything other than the most basic features blocked or disabled.

One discrepancy, my internal network is, not as in the original post.

Fixing to post screen shots of my setup so please, someone throw me a bone here...

Now the pics...

"appeared LAN rules appear to be ignored."

Why would devices on the LAN be talking to pfSense to talk to other devices on the same LAN? I don't see any point to your LAN rules with dest of IPs on the LAN. What do you think those are going to accomplish?

After enabling x.x.x.110, could not even post anything due to the LAN blocking everything.

Lastly I have tried just about every permutation of WAN/LAN rules, using CARP, Proxy ARP, etc.

If this is a Netgate thing where a license is required, someone just tell me. Not a big deal. Really!!!! Just need to know...
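For reference, here is what a pfSense 1:1 NAT entry of the shape described in the original post (IP Alias VIP on WAN, 1:1 mapping to an inside host, a WAN pass rule) plus a working outbound LAN rule comes down to in pf syntax. This is an added example and not configuration from the thread or from pfSense itself; the interface names em0/em1 and the addresses 203.0.113.110 (standing in for x.x.x.110) and 192.168.1.10 (the inside host, which the post elides) are assumed placeholders.

```pf
# Added example: pf equivalent of a pfSense 1:1 NAT entry plus the LAN rule.
# Interface names and addresses are assumed placeholders, not from the thread.
ext_if = "em0"             # WAN
int_if = "em1"             # LAN
vip    = "203.0.113.110"   # IP Alias VIP on WAN (the x.x.x.110 of the post)
host   = "192.168.1.10"    # inside host the VIP is mapped to

# 1:1 NAT: bidirectional translation between the VIP and the inside host.
binat on $ext_if from $host to any -> $vip

# Inbound: expose only the services the host should offer on the VIP.
# pf translates before it filters, so the WAN rule matches the inside
# address, which is also how the pfSense GUI expects the WAN rule written.
pass in quick on $ext_if proto tcp from any to $host port { 80 443 } flags S/SA keep state

# Outbound from LAN: this is the rule that has to match before the default
# deny for inside-to-outside traffic. Its destination is "any" (the outside
# world); a LAN rule whose destination is another LAN host never sees the
# traffic the post is complaining about, because that traffic goes to the
# Internet, not to the LAN.
pass in quick on $int_if from $int_if:network to any keep state
```

On the box, `pfctl -sn` lists the translation rules (the `binat` line should appear there once the 1:1 entry is saved), `pfctl -sr` lists the filter rules in evaluation order, and /tmp/rules.debug holds the full ruleset pfSense generated from the GUI. Reading the LAN section of that file top to bottom against a blocked packet's interface, source and destination is the quickest way to see whether the intended pass rule is absent, disabled, or simply does not match (wrong interface, or a LAN destination as in the reply above), which is what leaves the trailing default deny as the rule that fires.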
