Netgate Discussion Forum
    Will PfSense pass a NAT port fwd from WAN to a remote WG peer?

    WireGuard
    4 Posts 2 Posters 598 Views
    tommyt619
    last edited by tommyt619

    This post is deleted!
    meluvalli

    I have mine currently set up this way and it's working. However, I'm not 100% sure that I have it the "correct" way.

    You have to allow 0.0.0.0/0 under the peer on the client side. This allows traffic from anywhere to use the tunnel on the server side.

    I then went to Firewall / NAT and selected Outbound (from the server you want WAN to come from). Changed to "Hybrid Outbound NAT rule generation". Added a new mapping with the below info:

    Interface: WAN
    Address Family: IPv4+IPv6 (You can select just IPv4 if that's all you're using)
    Protocol: Any
    Source: Network: [IP of Tunnel Address] ex: 10.6.210.0/32
    Destination: Any

    Left everything else default. Saved and Applied.

    Then, I just simply created a new NAT rule under WAN (again from the server you want WAN coming from). So for example, if you want port 443 to forward to the WG peer, specify the client address on the remote side for the destination.

    tommyt619 @meluvalli
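The step that matters most in the post above is the client-side AllowedIPs: WireGuard's cryptokey routing drops any tunnel packet whose source address is not inside one of the peer's AllowedIPs prefixes, so a forwarded connection from an arbitrary Internet client never reaches the service unless 0.0.0.0/0 (or ::/0) is present. The following is an added example, not code from the thread or from pfSense or WireGuard: a small parser for the wg(8) config format plus a check that tells you whether a given client config would admit WAN traffic. The two configs, the placeholder keys, the endpoint name and the 203.0.113.10 (TEST-NET-3) stand-in for an Internet client are all constructed for this example; the "broken" config deliberately carries a 0.0.0.0/24 catch-all, which only covers 0.0.0.0 through 0.0.0.255.

```python
"""Check whether a WireGuard client config's AllowedIPs admit traffic from
arbitrary Internet sources, which a WAN port forward through the tunnel needs.
Sample configs and addresses below are constructed for this example."""
import ipaddress
from typing import Dict, List

# Constructed split-tunnel client config with a mistyped catch-all (0.0.0.0/24).
# Keys and endpoint are placeholders, not real material.
BROKEN_CONF = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.6.210.2/32

[Peer]
PublicKey = <server-public-key-placeholder>
Endpoint = pfsense.example.invalid:51820
AllowedIPs = 10.6.210.0/24, 192.168.10.0/24   # tunnel net and a VLAN
AllowedIPs = 192.168.20.0/24                  # another VLAN
AllowedIPs = 0.0.0.0/24                       # meant to be 0.0.0.0/0
PersistentKeepalive = 25
"""

# Same config with the catch-all corrected to 0.0.0.0/0.
FIXED_CONF = BROKEN_CONF.replace("AllowedIPs = 0.0.0.0/24", "AllowedIPs = 0.0.0.0/0")


def parse_peers(conf: str) -> List[Dict[str, List[str]]]:
    """Minimal parser for the wg(8) config format.

    Returns one dict per [Peer] section. Repeated keys (wg allows several
    AllowedIPs lines) and comma-separated values are all kept.
    """
    peers: List[Dict[str, List[str]]] = []
    current = None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            current = {} if section == "peer" else None
            if current is not None:
                peers.append(current)
            continue
        if current is None:  # inside [Interface], not of interest here
            continue
        key, _, value = line.partition("=")  # first '=' only: base64 keys end in '='
        current.setdefault(key.strip(), []).extend(
            v.strip() for v in value.split(",") if v.strip())
    return peers


def allowed_networks(peer: Dict[str, List[str]]) -> List[ipaddress._BaseNetwork]:
    """AllowedIPs of one peer as ip_network objects (host bits tolerated)."""
    return [ipaddress.ip_network(a, strict=False) for a in peer.get("AllowedIPs", [])]


def covers(peer: Dict[str, List[str]], address: str) -> bool:
    """True if `address` lies inside any AllowedIPs prefix of the peer.

    That is the condition under which the client accepts a tunnel packet with
    this source address and routes the reply back into the tunnel.
    """
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in allowed_networks(peer) if net.version == ip.version)


def has_catch_all(peer: Dict[str, List[str]]) -> bool:
    """True if the peer carries a default route (0.0.0.0/0 or ::/0)."""
    return any(net.prefixlen == 0 for net in allowed_networks(peer))


def forward_ok(conf: str, sample_client: str = "203.0.113.10") -> bool:
    """Would a WAN client (TEST-NET-3 stand-in) be admitted by this single-peer config?"""
    (peer,) = parse_peers(conf)
    return covers(peer, sample_client)


if __name__ == "__main__":
    for name, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        peer = parse_peers(conf)[0]
        print(f"{name}: catch-all={has_catch_all(peer)} "
              f"WAN client admitted={forward_ok(conf)} "
              f"VLAN host admitted={covers(peer, '192.168.20.5')}")
```

Run it against your own wg0.conf by passing the file contents to `forward_ok`; a VLAN address still passing while the WAN stand-in fails is exactly the symptom described later in this thread, where everything internal worked but the port forward did not.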

          @meluvalli

          Strange, because I tried that and it didn't work. There's got to be some stupid setting I'm forgetting in my older age hihi.

          Well, just as long as I know it works for others and I'm not fighting against an impossibility, I'll keep searching. Thanks!!

            tommyt619 @tommyt619

            @tommyt619

            Update: Nope! I was wrong. Well, I was right about my mistake at least. Thankfully I hadn't deleted the line in wg0.conf, because I probably would have assumed that I tried and it failed. Since I'm split tunneling I've got a million different networks, and staring right at me on the next line is #0.0.0.0/24. Facepalm. 0.0.0.0/0 now works. nftables is handling NAT from there to all the VLANs, so all is well.

            Thanks again!

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.