Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Inbound Port Forwar to VLAN IP

    NAT
    4
    4
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jpinder70
      last edited by

      Hi,

      I'm having an issue forwarding an external port to in internal IP address that's behind a VLAN on pfsense.

      Here's an example of my network layout -

      WAN (9.9.9.9)
                |
          PFsense
          |      |
      VLAN1  VLAN2  (vlan 1= 10.17.0.1) (vlan 2= 10.18.0.1)

      The server's are behind VLAN1 and VLAN2 are 10.17.0.100 and 10.18.0.100, both these VLANS are LAN tagged and working properly, I can ping and get to the internet from both VLANS no issues

      Here's what I've done:

      • Setup Outbound NAT to Manual and added the IP addresses subnets 10.17.0.0/24 and 10.18.0.0/24
      • Setup Port forwarding and firewall rules to allow external ports pointing to server behind VLAN

      When I try to access the service on the server on the VLAN subnet from the WAN IP and port, I get nothing.

      Please help! :)

      Thanks

      1 Reply Last reply Reply Quote 0
      • dotdashD
        dotdash
        last edited by

        Do you have a trunk port going to the firewall and vlan interfaces in pfsense?

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          Instead of telling us what you think you've done, give us specifics as to exactly what you've done.  Screen shots are probably best.

          If you had done everything you say it should be working, but without details it's impossible to tell what's wrong.

          Inbound port forwards require both a NAT port forward and a firewall rule on WAN.  You can have the NAT entry automatically create a rule for you or do it manually.)

          pfSense doesn't care if it's a physical interface or a VLAN.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • P
            phil.davis
            last edited by

            And you don't need to change outbound NAT - what you did will not break anything, but it won't help either, and when you add more LANs you would have to remember to add the manual outbound NAT entries for them.

            As Derelict says, post some screen shots of the Port Forward and firewall rules.

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.