Port Forwarding Help

netboy

Hey I am sure I am doing something wrong.....
I followed the guide here for port forwarding.
Based on my port forwarding Firewall / NAT / Port Forward. a rule was "auto generated" by pfsense. Here is the screen shot: I have blanked out the Local IP and port.

When I check if my port is open using URL the port is closed.

Am I missing something. FYI, this is for QuickConnect for Synology.

Also curios: Why is my WAN IP "different" from the IP reported by whatsmyip.org? The reason I am asking is I read something about cgnat Which I do not understand. pfsense WAN IP is something like 100.72.xxx.xxx and Whatsmyip reports totally different 216.xxx.xxx.xxx

I love youtube! I viewed about cgnat here and now I understand.

Based on the youtube video should I get a STATIC IP from my provider? Or is there any alternative way to port forward with cgnat?

viragomann

@netboy said in Port Forwarding Help:

Also curios: Why is my WAN IP "different" from the IP reported by whatsmyip.org? The reason I am asking is I read something about cgnat

Yes, this indicates that your WAN IP is a CC-NAT.

There is mo possibility to access it from the internet, because there is a router in front of it, which doesn’t forward anything.

So you can try to get a public IP, but you might have to pay for it.

johnpoz

@netboy said in Port Forwarding Help:

this is for QuickConnect for Synology.

quick connect does not require a port forward to work. It makes an outbound connection to synology, and when you connect you come through the relay service. It does try and do a hole punch, but if your behind a nat then the relay service should be used.

You can read their white paper on how it works.

https://global.download.synology.com/download/Document/Software/WhitePaper/Firmware/DSM/All/enu/Synology_QuickConnect_White_Paper.pdf

Being behind a nat or even a cgnat should still work via the relay service - might not be all that fast.. But it should work.

netboy

@johnpoz said in Port Forwarding Help:

Being behind a nat or even a cgnat should still work via the relay service - might not be all that fast.. But it should work.

Yes! I had turned on local only in Iphone - Did not realize it! It does work but very slow....Will it be faster if I get a static IP and port forward?

johnpoz

@netboy if you can get a direct connection then yeah should be faster, but it does a hole punch - you wouldn't actually have to setup a port forward for it to work. But yeah your IP needs to be reachable. Which behind a cgnat its not.

While a port forward should make it an easier connection to make - hole punch is valid way of coming back in through the connection that a client makes. So you don't actually have to allow for unsolicited traffic via a port forward.

If you go and get a actual IP, doesn't have to be "static" just not behind a cgnat.. I would setup a vpn vs using their quick connect.

netboy

@johnpoz said in Port Forwarding Help:

I would setup a vpn vs using their quick connect.

I heard about tailscale? Can I try this?

johnpoz

@netboy that might work behind a cgnat sure. You could try that.

https://tailscale.com/blog/how-nat-traversal-works/

netboy

@johnpoz Tailscale works like a charm