Netgate Discussion Forum

    Outbound works fine, but cannot make inbound connections

      automate

      Hi All,

      I'm setting up a 4G connection into pfSense. The service is not behind a CGNAT device, so I have a proper public/routable IP. This firewall also has an HFC/Cable connection, which works inbound/outbound just fine (WAN/LAN are the interface names).

      I can make outbound pfSense connections just fine using the 4G service, but not inbound. I've defined an interface called 4GLTE and I've set up port forwards in the same manner as my working WAN port forwards, but I cannot get inbound traffic.

      A packet capture didn't show any data towards 192.168.0.4.

      How am I best to determine why this is failing? The 4G SIM card is inside a Netgear LB2120 modem, set to bridge mode, and I verified that my TELSTRA4GLTE interface is receiving the correct public IP.

      Here is the firewall rule that's common between the WAN/TELSTRA4GLTE interface.

      I have already tried removing the source IP range restrictions.

      Thanks

        automate

        So I fixed this.

        Question though, my port forwards specify WAN. When the WAN fails and moves to the 4G interface, the NATs won't work.

        Do I need to create new port forwards for the 4G interface using different inbound ports, as there's no way to make the NAT interface ANY, or WAN and 4G at the same time?

        Thanks

          akuma1x

          @automate You should be able to "duplicate" your working WAN NAT rules, change them to the 4G interface, and run them alongside the WAN rules at the same time. I have never tried it like that, but it should work.

          Jeff

            automate @akuma1x

            @akuma1x And this is exactly what I've done. I also did that for the NAT.

            I assume I can run the same inbound port for the port forwards given the interface is different?

            i.e.: 6150 inbound on WAN maps to 3389 on LAN
            6150 inbound on 4G maps to 3389 on LAN

              biggsy

              @automate

              How did you get a Telstra 4G connection that's not behind a CG NAT?

              My Netgear LB2120 always gets a 10.x.y.z address.

              BTW, I wouldn't port forward to 3389 (RDP). Much better to use a VPN.

                automate

                How? Use a business-grade mobile broadband plan with a public IP.

                I've locked 3389 down. It's fine.

                  biggsy

                  Ah, business plan. Thanks.
                  Didn't know you could opt for that. Is it a fixed IP?
                  I'm looking for something to give me a fail-over once I'm forced on to NBN/HFC.

                    automate

                    Yes, fixed/static :)

                      biggsy @automate

                      @automate

                      Thanks again and, yes, no problem running the same port forwards on two interfaces.

                        automate

                        Thanks, I'll give it a go.

                        I had an initial stab but it wouldn't work.

                        I couldn't connect in. I need to check the routing... as the default may be via the WAN. So how would it route the traffic back via the 4G if it came in the 4G interface?

                          biggsy @automate

                          @automate

                          If you've removed the source alias from both, your NAT and corresponding rule look OK to me.

                          There was a problem with the LB2120 in bridge mode

                          Are you on the latest LB2120 firmware?

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.