Netgate Discussion Forum

    [Solved] Port forward problem - in but not out

      joelmale

      So I have in the past made port forward work with pfSense, but am not having any luck tonight.  Here is hoping someone has got the answer.

      Problem: I would like to forward port 22 traffic through to a machine in my DMZ interface.

      Configs:
      - I have an OpenVPN tunnel as another interface (not WAN); however, WAN is the default gateway.
      - I have attached clips of my NAT rules, WAN firewall rules, and select fw logs.  I set up what I believe are the correct NAT/FW rules, but still no luck.

      T/S so far:
      - Using ssh from an AWS instance to test the connection.
      - I see from the logs traffic appears to be passing through but blocked on the return where it is routed to the wrong interface (StrongVPN).
      - Verified packet flow with tcpdump on the pfSense DMZ interface and the DMZ host machine. I see packets flowing from the internet through the firewall WAN to the host, but the response TCP:SA are blocked outbound??
      - Created a DMZ firewall rule routing port 22 traffic through the WAN gateway even though it is the default gateway, no change.

      I would appreciate any assistance, let me know if there are any questions I can answer, thanks.

      ![NAT rule.jpg](/public/imported_attachments/1/NAT rule.jpg)
      ![FW Rule.jpg](/public/imported_attachments/1/FW Rule.jpg)
      ![FW Log.jpg](/public/imported_attachments/1/FW Log.jpg)

        vindenesen

        Hi joelmale,

        Can you post your pfSense routing table (Diagnostics -> Routes)?

        Edit: Most likely, it could be that you are experiencing the same problem as described in this thread: https://forum.pfsense.org/index.php?topic=80086.0

        Support the project by buying a Gold Subscription at https://portal.pfsense.org
        Running pfSense on SuperMicro A1SRI-2758F with ESXi 5.5

          joelmale

          Ok thanks for the cross link, I did a little more troubleshooting, but I'm not quite there yet.

          I added the route-nopull option but did not see a change.  However I did have the "redirect-gateway def1" option, so removing that but keeping the "route-nopull" option on she works like a charm!  I took some before and after shots of my routes table to see what was being pushed and its effect.  I guess I'll bone up on my understanding of routing.

          Thanks for the help.  This is my first post; do I log it solved or closed?  Not sure on the SOP here…

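The routing effect behind the fix in the post above, as an added example that is not part of the original thread: OpenVPN's `redirect-gateway def1` leaves the 0.0.0.0/0 route in place and adds 0.0.0.0/1 and 128.0.0.0/1 via the tunnel, and those win on longest-prefix match. The interface names, addresses and config text are constructed, and routes pushed by the VPN server are not modelled.

```python
import ipaddress

# Constructed sample data (not from the thread): a firewall whose default
# route is WAN, a DMZ subnet, and an OpenVPN client interface.
BASE_ROUTES = [("0.0.0.0/0", "WAN"), ("192.168.50.0/24", "DMZ")]
VPN_IF = "STRONGVPN"

CONFIG_BEFORE = """\
client
dev tun
route-nopull
redirect-gateway def1
"""
CONFIG_AFTER = """\
client
dev tun
route-nopull
"""

def parse_directives(config_text):
    """Map each directive to its argument list, skipping '#' and ';' comment lines."""
    directives = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            directives[name] = args
    return directives

def routes_after_connect(config_text, base_routes, vpn_if):
    """Apply only the locally configured redirect-gateway; route-nopull filters
    pushed options, so it does not cancel a directive written in the client config."""
    args = parse_directives(config_text).get("redirect-gateway")
    routes = list(base_routes)
    if args is None:
        return routes
    if "def1" in args:
        # def1 keeps 0.0.0.0/0 and adds two more-specific halves via the tunnel.
        return routes + [("0.0.0.0/1", vpn_if), ("128.0.0.0/1", vpn_if)]
    # Without def1 the default route itself is replaced.
    return [r for r in routes if r[0] != "0.0.0.0/0"] + [("0.0.0.0/0", vpn_if)]

def egress_interface(routes, dst):
    """Pick the interface by longest-prefix match, as the routing table does."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), i) for n, i in routes]
    return max((m for m in nets if addr in m[0]), key=lambda m: m[0].prefixlen)[1]
```

Here 198.51.100.7 stands in for the external SSH test client: with `CONFIG_BEFORE` its replies are routed to the VPN interface, with `CONFIG_AFTER` they go back out WAN.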
            vindenesen

            Sometimes topic owners edit the subject (or a moderator does it) and add [Solved] to the beginning, but I don't think there's a written rule that says you must do so.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.