Created Outbound NAT rule on the LAN interface. Source is tunnel network, destination is LAN network. With pfSense (DMZ), I have Automatic NAT Outbound turned on so everything that traverses from the DMZ to the Internet uses the public WAN IP (69.123.45.678). Automatic Outbound NAT The default "Automatic" scenario is to have all traffic that enters from a LAN (or LAN type) interface to have NAT applied so it is translated to the WAN IP address before it leaves. I did this with two different devices using two of my usable IPs via virtual IPs and it works fine now. I still had to set up normal port forwarding rules which is actually a relief because I thought the 1:1 NAT forwarded ALL ports to a chosen device like a DMZ, but it didn't. This works only with manual outbound NAT rules, with the exception of ISAKMP. Anyway, I only used the 1:1 NAT and no custom outbound NAT rules. Placing the XBox One in a DMZ (DeMilitarized Zone), means that your XBox will be exposed to the Internet without any protection – which actually may be fine. pfSense – How to fix STRICT NAT There are several ways to fix the STRICT NAT situation. At this moment in time pfSense (LAN) also has Automatic NAT Outbound turned on. Outbound NAT is configured under Firewall > NAT on the Outbound tab. You had not mentioned the 10.40.0.0/16 network until now; I have no idea what it is about. That ran and still runs wonderfully and seems to be the most frequently recommended configuration. So, when examining the firewall logs on pfSense (DMZ), all traffic from pfSense (LAN) to the Internet appears to be coming from 192.168.2.100. With automatic outbound NAT, all requests from the office network for the PLS network are forwarded to the Internet.
Based on various guides here and at Netgate, I then set up port forwards in pfSense (Firewall\NAT\Port Forward), one for the SIP port, which in my case is UDP 5081 (instead of 5060, because the Fritzbox occupies 5060), and one for the RTP ports (UDP 10000-20000). Example: client 162.170.210.10 wants to connect to 162.170.200.99; the state in pfSense then looks like this: 162.170.210.10 -> Router -> WAN Source IP is … The pfSense is using Manual Outbound NAT (with Automatic outbound NAT in my test environment all was working as expected), but as far as I can understand, the needed rules are there: Here are the firewall rules that are automatically generated from the Port Forward rules: The problem is, when I go to 51.x.x.x:80 or 51.x.x.x:443 it does not seem to work (I have an ERR_CONNECTION_TIMED_OUT on …

This is also called masquerading, because the source is hidden behind another IP.

Outbound NAT is indeed the right tool for that, though.