@johnpoz:

I do believe its even being removed in upcoming 2.3..

Already gone there.

Access it from where?

Good list of things to check here:

https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

And does pfsense have a public IP on its wan or private?  If your behind a double nat its going to be difficult to forward ports inbound to your ps4 or even have UPnP do it for you.

I have had problems with using that alias in the destination address field. Try changing it to the WAN IP address and retest.

OK you were right, the route wasn't setup correctly :(  Everything is working perfectly now.  Thanks a bunch for your help!

Thanks very much, I believe I have it working.  Routing is what I was looking to avoid, as you surmised!

https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

How are you routing traffic for those destinations to PIA? What are your firewall rules on the source interface?

Outbound NAT rules only tell the firewall what translations to do if the interface is sending matching traffic. They don't route anything.

@aclaus225:

I just installed my pfSense box and I am trying to set up port forwarding, but perhaps missed a step in my configuration.

The IP address on my external port is .85 and if I set up a route in Port Forwarding that goes to .85 then it comes through fine.  I, however, want to set a port forward on .84 and when I follow the same pattern in Port Forwarding everything works.  However, I am not able to get to RDP through .84.  What additional configuration do I need to do so that .84 is reachable through pfSense?

I can't tell if ".85" and ".84" are public or private IPs. You need to post more information on your setup and what you are trying to achieve.

@ismaelnoble:

has anyone managed to get chained nat to work in PfSense, im looking to do something similar to proxy chaining where the setup would be something like

WAN–>pfsense wan ip--->pfsense wanip2---> host on wan2

where i would type in pfsense wan ip: 8000 if would nat to wanip2 8000
at which point the system would then nat wanip2 8000 to host on wan2 port 80.

i have the system setup to the point where i am able to type in wanip2 8000 and get the web port of the host on wan2
i also have the nat setup for wan1 port 8000 to wanip2 8000 but cant get it to work from the wan1 side.
i have tested the forward from wan1 port 8000 to a lan host and it works so it may be a setting im missing to facilitate the chaining of wan rules.

not sure about your question . can you draw your network topology ?
if there are nat after nat affter nat .. going on and you want to forward a port for application at last nat translations..assign the host static ip and do it straigth from throughout the chain..

^ - Great. Now I'm going to have to get through the rest of the day without laughing out loud about this.

Really?

Oh you mean the clicking random shit like nat reflection use 1:1 didn't fix it ;) heheheh  But going down your setup and checking it point by point to find out where you made a mistake.. That worked – who would of thunk it ROFL

Have fun!

Sometimes pfSense need to be rebooted to get the outbound NAT to function after config change.

For anyone wondering what I ended up doing was setting up DNS entries for the different servers.

Externally, they all point to the same IP, internally, to the different servers.
As I get my hands on the devices with the old config, I'll update them accordingly.

Since it's all going off a single IP, the external devices which I can't updated would work just as well with domain.com as with server01.domain.com when it comes to the port forward externally.

This isn't a pfSense issue, so much as a basic NAT error. Firewall rules apply from the top down, so your NAT rule will only work with the first entry the ruleset encounters. You're trying to port-forward using two different ports mapped to the same internal port, so the first one in the ruleset will apply.

I believe you might be able to get around this by binding a second IP to the WAN NIC and setting your port map to that NIC, though I haven't personally tested this. What would probably be more likely to work would be introducing a second WAN NIC and setting the port map to that and the other port forward to the former NIC. Though from the sound of it, the more elegant solution would probably be the suggestion you made concerning a customised dialplan.

What do you WAN and LAN Firewall->Rules look like?

You might try temporarily turning on logging of the rules you think should be applied to see if they are getting triggered at all.

As always, try and change one thing at a time and test…...

Not sure why you would need to know this?  The openvpn wizard will auto create your nats for you for your tunnel networks.

Thanks a lot for your replies

apparently i was doing right but applying the NAT in the wrong interface
i didnt tried yet, but for sure this is my mistake

Thanks