Troubleshooting NAT¶

NAT can be complex, and in all but the most basic environments there are bound to be issues obtaining an ideal configuration. This section covers a few common problems and potential resolutions.

Port Forward Troubleshooting¶

Port Forwards in particular can be tricky, since there are many things to go wrong, most of which could be in the client configuration and not pfSense software.

For information on diagnosing these problems, see Troubleshooting NAT Port Forwards,

NAT Reflection Troubleshooting¶

For detailed information about troubleshooting NAT reflection, see Troubleshooting NAT Reflection.

Outbound NAT Troubleshooting¶

When manual outbound NAT is enabled and there are multiple local subnets, an outbound NAT entry is required for each subnet on each outgoing WAN interface. This includes traffic for subnets that must exit with NAT after coming into pfSense software through a VPN connection.

One indication of a missing outbound NAT rule is packets leaving the WAN interface with a source address of a private network. See Packet Capturing for more details on obtaining and interpreting packet captures.

1:1 NAT Troubleshooting¶

For information about troubleshooting 1:1 NAT, see Troubleshooting 1:1 NAT.