Project

General

Profile

Actions
Copy link

Bug #6675

closed

Port Forward on LAN does not work in 2.3.x

Added by Tácio Andrade over 8 years ago. Updated over 8 years ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
08/02/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.3.x
Affected Architecture:

Description

Good evening everyone, updated my pfSense from 2.2.6 to 2.3.2 this week and 2 rules Port Forward on the LAN, one to redirect the external DNS queries to my internal server and another to force the other application traffic to a local server stopped working.
I made a laboratory today with all versions of the series 2.3.x only to the rules of port forward and they did not work.
I asked another friend to do the test and the same problem occurred.

Here then a replica of one of the rules in 2.2.6 works perfectly.

https://i.imgsafe.org/16221de61e.png

Thank you in advance for your help in solving the problem.

Sincerely Tácio Andrade

Files

13901902_1000508080067787_1278853702_o.png (35 KB) 13901902_1000508080067787_1278853702_o.png Tácio Andrade, 08/02/2016 10:15 PM
Actions
Copy link
 #1

Updated by Jim Pingle over 8 years ago

  • Category deleted (NAT Reflection)
  • Status changed from New to Not a Bug
  • Target version deleted (2.3.2-p1)

Reflection wouldn't come into play for a rule such as that. If the client and server are on the same subnet, you need hybrid or manual outbound NAT rules to mask the source. It's possible there is some other backend parsing difference but there are many, many people using rules exactly like that successfully on 2.3.x with proper outbound NAT.

More likely, the config you had was incomplete on 2.2.x but was working by accident due to some other factor in your configuration. Post much more detail on a forum thread and someone can help you diagnose the underlying problem.

Actions
Copy link
 #2

Updated by Tácio Andrade over 8 years ago

If I need is more of the same as Squid is to work with the transparent proxy, redirecting only port 80 and not all traffic.
I tried to enable the transparent proxy on Squid to see which rules it generated, however it did not generate any new rule in NAT> Outbound.

Open a topic in the forum, waiting for someone to help me find a way to recreate this rule, otherwise I will have to run the downgrade.

Actions
Copy link
 #3

Updated by Tácio Andrade over 8 years ago

Only you correcting what you said above in pfSense own documentation just finding something interesting, he recommends that the redicionamento rule DNS is done through Port Forward and not NAT.

https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

Actions
Copy link

Also available in: Atom PDF