NAT on specific port

viragomann

If your additional IPs are routed to the primary WAN address by the ISP you can simply use it in a NAT rule by selecting Single address at destination and entering the IP in the next box.

If not, first you have to add each public address in Firewall > Virtual IPs as type IP Alias to the WAN interface.
Then you can choose them from the destination drop-down.

reynold

@viragomann
additional IP should not be routed.
I use one IP for my wan connection
Other IP are free
thanks

reynold

Hi, port forwarding not seems working
I am trying testing port tcp 3000 with telnet
Telnet says "lost connection to host"

PfSense rule seems to working good as shown in logs

could you help me?

Port 3000 is open on my public Ip
I ckecked here

https://www.yougetsignal.com/tools/open-ports/

i'm using virtual IP
MY ISP gave me 4 IP

• on IP is for WAN
• one IP is used for port forwarding

viragomann

@reynold said in NAT on specific port:

I am trying testing port tcp 3000 with telnet
Telnet says "lost connection to host"
PfSense rule seems to working good as shown in logs

The log shows destination port 6000. So are you forwarding from 3000 on public to 6000 on internal IP?

Are you sure the destination device is responding properly?

You can narrow it down on pfSense by using Diagnostic > Packet capture.
Take a capture on the WAN interface with a port filter set to the public port, while you try an access from outside. If it's okay, sniff on the internal interface and set the port filter to the internal forwarded port if it's another one.

reynold

@viragomann
sorry i made a mistake
i'm testing port 6000
i need to forward to port 6000 from wan

reynold

@viragomann
I captured some of these packet on port 6000 on my public IP on WAN interface
It seems it's working correcty if i'm not wrong...

19:57:58.610942 IP xxx.xxx.89.130.62498 > xxx.xxx.89.155.6000: tcp 0
19:57:58.619567 IP xxx.xxx.155.6000 > xxx.xxx.89.130.62498: tcp 0

Here what i captured on LAN interface

20:04:59.813402 IP xxx.xxx..89.130.62524 > 192.168.0.190.6000: tcp 0
20:04:59.818069 IP 192.168.0.190.6000 > xxx.xxx.89.130.62524: tcp 0

Is it helpful?

It seems everything is working bit i'm not sure

viragomann

@reynold
Agree. This looks as it should.
pfSense uses for the response on WAN the origin destination IP the request went to.

However, so the port scanner should show you a green flag when you check port 6000.

reynold

@viragomann
thanks, Where can i find the green flag?

viragomann

@reynold said in NAT on specific port:
Where can i find the green flag?

On port checker page you mentioned above.
https://www.yougetsignal.com/tools/open-ports/

reynold

@viragomann
Confirm. Green flag and it says port is open on public ip address.
I'm going to check the device. It should be the oroblem
Maybe it's not responding correctly.