NAT can be a complex animal and in all but the most basic environments there are bound to be issues obtaining a good working configuration. This section will go over a few common problems and suggestions on how they can potentially be solved.
Hangouts Archive to view the May 2016 hangout for NAT on pfSense® software version 2.3, The June 2016 hangout on Connectivity Troubleshooting, and the December 2013 Hangout on Port Forward Troubleshooting, among others.
Port Forward Troubleshooting¶
Port Forwards in particular can be tricky, since there are many things to go wrong, many of which could be in the client configuration and not pfSense software.
For information on diagnosing these problems, see Troubleshooting NAT Port Forwards,
NAT Reflection Troubleshooting¶
For detailed information about troubleshooting NAT reflection, see Troubleshooting NAT Reflection.
Outbound NAT Troubleshooting¶
When manual outbound NAT is enabled and there are multiple local subnets, an outbound NAT entry is required for each. This applies especially if traffic must exit with NAT after coming into pfSense software through a VPN connection.
One indication of a missing outbound NAT rule would be seeing packets leave the WAN interface with a source address of a private network. See Packet Capturing for more details on obtaining and interpreting packet captures.