Port forward to WAN

viragomann

Are you able to access it from LAN?

If yes, have you tried the NAT already?

If yes and it isn't accessible from outside, are you sure that your network is generally accessible from the Internet?

Mellowlynx

@viragomann Yes, I can access it from the LAN.
I did setup a NAT rule to the IP and it will not load.
If I edit it to a VOIP phone IP, I get the WEB UI from the phone.

viragomann

Have you also added an outbound NAT rule for the modem?

Mellowlynx

@viragomann I have made this rule. screenshot
Should I make one on the LAN interface? port 80 to 192.168.100.1 port 80?

A Former User

This post is deleted!

viragomann

No, that rule has to be on the interface where the traffic is coming in. If it WAN it ok.

But you also need an outbound NAT rule on that interface the modem is connected to.

Mellowlynx

This post is deleted!

viragomann

@Mellowlynx said in Port forward to WAN:

Correct me if i'm wrong, but it has to come in first trough to firewall an that go back out to the WAN right?

Yes it should go this way. This requires that your modem is in bridge mode as you stated above and pfSense WAN has a public IP. So 192.168.100.1 must not be the default gateway.
This is how I understand your set up.

Mellowlynx

@viragomann I see now, never used Outbound in NAT before.
Do you have a example for me? or what I should fill in.

Yes, Modem is in bridge mode and pfSense has Internet IP on wan.
I can access Web config on WAN IP and the VIOP phone on the same IP with other port.

The bridge mode of the modem also gives it a local IP (192.168.100.1) to be able to connect to it and see connection info.

viragomann

So the pfSense WAN interface has already a second IP in the modem subnet?
That's the premise for accessing from LAN. That's why asked above for accessibility from LAN.

@Mellowlynx said in Port forward to WAN:

I see now, never used Outbound in NAT before.

So your outbound NAT may still work in automatic mode, which is default.
Switch into the hybrid mode. Then add a rule:
Interface: WAN
source: any
destination: 192.168.100.1
port: 80???
Translation interface address.

You wrote above, you use port 80 to access the modem WebGUI. So the communication is not encrypted. The login credentials may be transferred in clear text! I strictly recommend to use an encryption like https if possible when you connect from the internet. Otherwise look for an other way to access it like VPN or a proxy with SSL.

Mellowlynx

@viragomann I can't set the IP as destination.
I can set it to Any or a network range. (I tried both)
But still noting. I did at one point got a redirect error in Chrome.

But it looks like setting up the VPN is the way to go.
So will set that up tomorrow.

Thanks you for you time and info, I did learn something today :)

viragomann

@Mellowlynx
To set a single IP in the outbound NAT, you have to select Network, enter the IP and select 32 for the mask.