Netgate Discussion Forum

    Port forwarding not working properly

    General pfSense Questions

    • yon 0 @stephenw10

      @stephenw10 said in Port forwarding not working properly:

      @yon-0 said in Port forwarding not working properly:

      10.10.2.1

      Do you see states/traffic on that pass rule?

      Do you have pass rules on the WireGuard group interface? That would prevent the reply-to being applied.

      Screenshot of pf- Firewall_ Rules_ US72WG.jpg

      • yon 0 @stephenw10

        @stephenw10 said in Port forwarding not working properly:

        Do you see states/traffic on that pass rule?

        No, no traffic shows up on the wg forwarding port.

        • stephenw10 Netgate Administrator

          Ok, so no traffic is hitting those rules. Most likely it's being passed on the WG group interface. If that is the case then reply-to would not be applied.

          What rules do you have on the WG group?

          • yon 0 @stephenw10

            @stephenw10 said in Port forwarding not working properly:

            Ok, so no traffic is hitting those rules. Most likely it's being passed on the WG group interface. If that is the case then reply-to would not be applied.

            What rules do you have on the WG group?

            Screenshot of pf - Firewall_ Rules_ WireGuard.jpg

            • yon 0 @yon 0

              Because wg0 has been set up as the pfSense default gateway, wg0 is normal, but the other WireGuard tunnels can't work.

              • stephenw10 Netgate Administrator

                You have to pass that traffic on the assigned interface tabs and not on the WireGuard group tab, otherwise reply-to cannot work.

                So disable the rules on the group tab.

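The situation stephenw10 describes, as an added example (not part of the thread and not pfSense's own code): a small check over pf-syntax rules that reports per-interface reply-to rules which a quick pass rule on the interface group matches first. The rule lines, the interface names wg0/wg1, the group membership and every address except 10.10.2.1 are constructed for illustration.

```python
import re

# Constructed sample in pf.conf syntax. Interface names, addresses and the
# group membership below are assumptions for illustration only.
GROUPS = {"WireGuard": {"wg0", "wg1"}}
RULES = """\
pass in quick on WireGuard inet proto tcp from any to any keep state
pass in quick on wg1 reply-to (wg1 10.10.2.1) inet proto tcp from any to 192.168.1.10 port 25 keep state
pass in quick on wg0 reply-to (wg0 10.10.1.1) inet proto udp from any to 192.168.1.10 port 53 keep state
"""

RULE_RE = re.compile(
    r"^pass in quick on (?P<iface>\S+)"
    r"(?P<reply> reply-to \(\S+ \S+\))?"
    r" inet proto (?P<proto>\S+) from any to \S+"
    r"(?: port (?P<port>\d+))?"
)

def parse(text):
    """Return one dict per recognised 'pass in quick' rule, in file order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append({"iface": m["iface"], "reply_to": bool(m["reply"]),
                          "proto": m["proto"], "port": m["port"], "text": line})
    return rules

def shadowed_reply_to(rules, groups):
    """Per-interface reply-to rules that an earlier group rule already matches."""
    hits = []
    for i, r in enumerate(rules):
        if not r["reply_to"]:
            continue
        for g in rules[:i]:
            members = groups.get(g["iface"], set())
            if (r["iface"] in members and not g["reply_to"]
                    and g["proto"] == r["proto"]
                    and g["port"] in (None, r["port"])):
                hits.append((g["text"], r["text"]))
                break
    return hits

if __name__ == "__main__":
    for group_rule, iface_rule in shadowed_reply_to(parse(RULES), GROUPS):
        print("group rule wins:", group_rule)
        print("  never reached:", iface_rule)
```

With the group rule removed from the sample, the wg1 rule is the first match and its reply-to applies, which is the change recommended in the post above.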
                  • yon 0 @stephenw10

                  @stephenw10

                  I will try it...

                  • yon 0 @stephenw10

                    @stephenw10

                    I have deleted all the wg group rules and added rules to each wg, but it still can't work.

                    Screenshot of pf.- Firewall_ Rules_ WireGuard.jpg

                    • stephenw10 Netgate Administrator

                      Do you see states/traffic on the assigned interface tabs now?

                      • yon 0 @stephenw10

                        @stephenw10

                        No, I can't.

                        • yon 0 @yon 0

                          The firewall rules have been delayed for too long. Now I can test port 25. Let me test the others.

                          • yon 0 @yon 0

                            I have a question: if I have IPv6 BGP, should IPv6 use group rules or per-interface rules? Of course IPv6 doesn't need port forwarding. Does it affect multiple routing exports?

                            • stephenw10 Netgate Administrator

                              With IPv6 there would usually only be one route, defined by BGP, since there is no NAT. I would not expect there to be any policy based routing.

                              • yon 0 @stephenw10

                                @stephenw10 So what you mean is that for IPv6 you only need to set up group firewall rules? Do I understand correctly?

                                • stephenw10 Netgate Administrator

                                  That's what I would expect because the system routing table should be correct. Incoming traffic should always come from that route unless you have some route asymmetry somehow.

                                  It's the port forwards (NAT) that allow traffic from a single source IP to arrive via any gateway.

                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.