Netgate Discussion Forum

    Internal port forwarding

      jbaldi

      I have a web server that needs to run on port 81. Its internal IP is 192.168.0.201. Externally it is 64.196.10.148. I set up a NAT rule to forward 64.196.10.148:80 to 192.168.0.201:81. I can access the web server externally but I can't access it internally using its domain name. Obviously I can access it using the internal IP and port, but I would like other hosts on my internal network to access it using its domain name. How do I go about doing this? I'm sure it's possible but I don't see a clear way. I could just add a record to my DNS server but that doesn't solve the port forwarding from 80 to 81.  ???

        danswartz

        Well, that's a bummer.  NAT reflection would normally be used, but that won't work (AFAIK) with a different port number.  The other possibility is split DNS, but that doesn't either.  Why does it need to be port 81?

          Efonnes

          NAT reflection does work with the port number being different.

            danswartz

            Ah, my mistake.  I didn't think that was the case.  Learn something new every day :)

              jbaldi

              I tried enabling it but still no luck. Is there more to it? All I did was uncheck the disable option in the advanced system setup. Do I have to add another rule in addition to my 64.196.10.148:80 -> 192.168.0.201:81 rule?

                danswartz

                Did you check the box to allow the access rule to be created?  Also, you didn't answer why it needs to be port 81?

                  Efonnes

                  Do you have a DNS override pointing to 192.168.0.201 that you added and forgot to remove after enabling NAT reflection?

                    hcoin

                    I'm assuming that your box serving web feeds on port 81 can't also serve the same on port 80.

                    I don't see a good pfSense answer until the 'port forward' rules expand to allow matching particular destination addresses. It is possible to do this today if you are willing to edit /etc/inc/filter.inc to add a rule.

                    If hacking in a rule is problematic, it might be easier to choose some third box on your LAN that isn't currently involved in serving port 80 or 81. Then set it up as a 'single function' router that forwards port 80 incoming requests to your actual local port 81 web server. Then, set up the DNS to point to the new third internal box. It's 'winning ugly', but will get you by until pfSense offers finer control over forwarding.

                    There's $0.02 worth for Sunday afternoon.
