Port forwarding

joule

on my old linksys router, I was able to set up a web server on my LAN on port 80, then set up port forwarding on the linksys to allow WAN clients to connect to the web server using a non-standard port.  A client would connect to my WAN ip on port 1212.  The linksys did the port conversion from port 1212 to port 80.

How would I set this up on pfsense and/or m0n0wall?

I've tried setting up NAT inbound rules such as this:
Proto  Ext.port  NAT ip          Int.port
  tcp    1212    192.168.1.5    80

it didn't work.

jeroen234

use that nat rule plus this on the wan interface:
Proto Source Port  Destination    Port    Gateway Description
TCP    *        *      192.168.1.5    80 (HTTP)  *        NAT

hoba

if your wan is in a private subnetrange make sure you have "block private subnets" at interfaces>wan disabled.

joule

Thanks jeroen234, that did it.
I was confused with the wording and put 1212 for source port in the firewall rules.  Once I changed it to * it started working.

I spend a full day looking for this info, both on pfsense & monowall site & forums.  Really should be in a FAQ somewhere.  For those who need to run non-standard ports because their ISP is blocking the standard ones.

hoba

When creating the NAT just leave the "autocreate firewall rule" option enabled. It will set up the correct rules for you automatically.

joule

When I created the NAT rule, I enabled the "autocreate firewall rule" option.  Thats when it didn't work because it put 1212 under the firewall rules WAN source port.

What did work for me is the following:

under Firewall NAT Inbound:
IF      Proto  Ext Port Range    Nat IP        Int. Port Range  Descripton
WAN    TCP      1212            192.168.1.5        80                web_server

under Firewall Rules WAN:
Proto  Source  Port    Destination    Port    Descripton
TCP      *          *      192.168.1.5    80    NAT web_server

This allowed me to have a web server on port 80 on 192.168.1.5 on my LAN,  and allows me to access it via the WAN port (internet) by going to http://www.mydomainname.com:1212

Thanks for your help…  Unless I'm missing something, I think I'm good for now.

hoba

I just checked this but it works fine for me. The generated firewallrule is correct.

yoda715

@hoba:

I just checked this but it works fine for me. The generated firewallrule is correct.

Confirmed. Auto create rule is functioning properly for me as well.