Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Port forward external port to different internal port [SOLVED]

    Scheduled Pinned Locked Moved NAT
    6 Posts 3 Posters 5.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      scoob8000
      last edited by

      In this example lets say I want to forward port 8888 on my public side to 192.168.0.100 port 80 on my LAN.

      I have the firewall rule added to allow incoming port 8888 on wan..  And the nat rule setup with dest port of 8888, and redirect ip to my private and redirect port to 80.

      This doesn't work as expected.  If I simply change the webserver on 192.168.0.100 to listen on 8888 then it works.

      Is there an extra step I'm missing to forward a port to a different internal port?

      1 Reply Last reply Reply Quote 0
      • W
        Wolf666
        last edited by

        Maybe the port 80 cannot be used or is used by other services (pfSense GUI?).

        Can you post port forwarding and firewall rules?

        Modem Draytek Vigor 130
        pfSense 2.4 Supermicro A1SRi-2558 - 8GB ECC RAM - Intel S3500 SSD 80GB - M350 Case
        Switch Cisco SG350-10
        AP Netgear R7000 (Stock FW)
        HTPC Intel NUC5i3RYH
        NAS Synology DS1515+
        NAS Synology DS213+

        1 Reply Last reply Reply Quote 0
        • dotdashD
          dotdash
          last edited by

          Rule should be something like:
          WAN TCP * * (public IP/WAN) 8888 192.168.1.100 80 Webserver redirect

          By default, the port-forward will create a linked firewall rule.

          1 Reply Last reply Reply Quote 0
          • S
            scoob8000
            last edited by

            Screenshots attached..

            I'm not using the associated FW rules because I have multiple networks that I'm allowing connections from.

            I don't think it's the FW rule though because if I change the server to listen on 8888 instead of 80, and change the redirect target port to 8888 it works.

            Don't think it's related to port 80 because I can make the server listen on anything, and if I try to redirect the port in the NAT rule it breaks.

            Gonna see if I can get some logs.

            nat.jpg
            nat.jpg_thumb
            rule.jpg
            rule.jpg_thumb

            1 Reply Last reply Reply Quote 0
            • W
              Wolf666
              last edited by

              Should be:

              port forwarding
              WAN  TCP  *  *  WAN address  8888  192.168.0.100  80

              With firewall rule on WAN tab:
              IPv4 TCP  *  *  192.168.0.100  80  *  none

              Modem Draytek Vigor 130
              pfSense 2.4 Supermicro A1SRi-2558 - 8GB ECC RAM - Intel S3500 SSD 80GB - M350 Case
              Switch Cisco SG350-10
              AP Netgear R7000 (Stock FW)
              HTPC Intel NUC5i3RYH
              NAS Synology DS1515+
              NAS Synology DS213+

              1 Reply Last reply Reply Quote 0
              • S
                scoob8000
                last edited by

                @Wolf666:

                Should be:

                port forwarding
                WAN  TCP  *  *  WAN address  8888  192.168.0.100  80

                With firewall rule on WAN tab:
                IPv4 TCP  *  *  192.168.0.100  80  *  none

                The firewall rule did it.  That seems kind of weird how you have to do that.  Dest 192.168.0.100 dest port 80.

                Makes me feel like I'm opening up port 80 to the world, even though I'm not.  So I just did some testing, it seems like the rule only needs to be written like that if your doing port redirection.

                Just before I read this I was looking in the logs, and saw it blocking my public source, with destination of 192.168.0.100:80.

                Thanks for the help!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.