Port forwarding through on a dual wan.
-
Gidday all.
I've read all over these forums and the wiki for a number of hours now, but I still can't seem to get this right.
Firstly, I've set up (and have working) a load balanced dual wan connection.
Both my WAN connections on the pfsense are set to DMZ on each ADSL router.
I have one computer that I am trying to allow a port into.
Currently using the "http://www.utorrent.com/testport.php?port=<portnumhere>" page to check incoming ports, but no matter what I put in the Firewall rules, it seems to be blocked each time.There's a simple diagram of the network and the port I'm trying to forward is 19040(tcp) to an inside computer with the address 192.168.0.1
Currently I've got:
WAN Rules
–---
Proto Source Port Destination Port Gateway
TCP WAN address * * 19040 *WAN2 Rules
Proto Source Port Destination Port Gateway
TCP WAN address * * 19040 *And
LAN Rules
Proto Source Port Destination Port Gateway
TCP WAN address * 192.168.0.1 19040 *But I still see firewall logs come through saying:
x 'time' WAN 200.171.248.180:50699 192.168.1.8:19040 TCPAny glaringly obvious mistakes I'm making?
Regards,
Omega-00P.S. Happy easter.</portnumhere>
-
Just checking, but you did go to NAT, port-forward, and add a rule to fwd port 19040 on the wan to 192.168.0.1 19040, right?
By nature double-NAT may screw things up, so if bridging the forward-side WAN router is an option to look into.
If the app opens multiple ports, you might want to try UPNP also.
A couple of other points:
The WAN2 rule should reference WAN2, not WAN.
You shouldn't need anything special on the LAN tab. (besides the load-balance stuff)
The WAN rule should have 192.168.0.1 as the destination.
If you leave the 'autocreate firewall rules' box checked when you create the NAT, that will take care of the firewall rules. -
Ok, that worked.
I had forgotten to put the NAT rule in, just created the firewall rules myself. ;DWAN TCP 19040 192.168.0.1 (ext.: 192.168.1.8) 19040
That made it work and added the appropriate firewall rules too.
Thanks heaps for that. ;)