Help nat/portforward
-
Hello everyone,
I have a problem in nattare / PortForward my static public address to pfSense. 'll Explain my situation.modem / router
ip address 192.168.0.1
NAT ENABLEDpfSense with 2 network cards
NAT ENABLED
network card (wan)
192.168.0.2
connected directly to the modemnetwork card (LAN)
ip address 192.168.1.1/24
client with a static address and gateway of 192.168.1.1 defautOn pfSense I configured as the default gateway modem / router:
192.168.0.1So configured everything works without any problems, but if I wanted to achieve a pc of my lan (192.168.1.0/24) from the internet I do not know how to configure my pfSense.
I would be grateful if someone could help me configure pfSense to access to a PC on the network.
Thanks in advance -
Why do you have a double nat? I would suggest remove that - can you not put your "modem/router" into bridge mode so that pfsense gets a public IP on its internet facing interface (wan)?
If not then you have to forward the traffic you want to get to pfsense first on that "modem/router" to the pfsense wan IP, then on pfsense create your port forward to the inside box. Or you need to put the pfsense wan IP into the dmz on your first nat device.
Then just create a port forward on your pfsense.
http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F
-
Hello John,
thanks a lot for your reply, you are always ready to give me suggestions.
So about your first question I cant setup modem/router in bridge modeThen I should do that:
setup port forwarding in modem/routerHTTP start port 80 end port 80 server ip address 192.168.0.2 (ip wan pfsense)
setup in pfsense port forward
if proto src. add src.port dest addr dest port nat ip nat port
wan tcp/udp * * wan net 80 192.168.1.* (device lan) 80so u think that is correct?
I would appreciate sharing your ideas with meroberto
-
Well I highly doubt you need UDP on http. And assume * is just place holder for the IP you want to send it too you can not send to wildcard.
You might be better off putting pfsense IP in the dmz of your first nat router - or any future forwards you going to have to create in both places again.
-
Hello John,
so i assume my idea is ok, just i have to change tcp/udp in tcp on http sure. Yes i mean with * just any device in the lan.
I dont know how i put pfsense ip in the dmz of nat router so I leave it configured how i explaned.
Thanks!!! -
What is the make and model of your modem/router ? I would assume they support a dmz setup, if you give the make and model of it we can look to see.
-
model is netgear dgn3500, I checked setup and default dmz server is 192.168.0.2 so shall i use this number for (pfsense)?
-
well if that is already set and that is your pfsense wan IP, you should be good to go and not need any forwards on your modem/router
edit: Some devices require being connected to specific lan port as well.
edit2: I just looked at a manual for that model, and seems that dmz is disabled by default. So make sure you enable it an you should be good for any future port forwards you need.
-
I followed your instruction and connection is ok.
So if now you think setup pfsense and modem/router is ok I will check portforwarding next days…
Thanks a lot!!! -
hello,
just i did try from port forwarding tester but I continue to have problems.. Port 80 is closed.
Someone can help me?
thanks in advances. -
what is your wan rules, and what is your port forward rules?
If pfsense is in dmz of your router in front of pfsense, and didn't mess up the rules it should be working.
Now keep in mind many ISPs block port 80 inbound because your not suppose to run servers, etc. Check with your ISP to see if they block specific inbound ports?
First check I would do is a sniff on pfsense wan interface - do you see the packets when you test? I use canyouseeme.org
-
So about your first question I cant setup modem/router in bridge mode
Just trying to clarify: Are you using any features of the router except for the modem? Because the router supports disabling NAT under "Basic Settings" (however this also resets the configuration to factory default).
