Incoming firewall port wrong
-
Hi All,
I have a new pfSense install and on an external machine, if I type the port at the end of an address, the port I see at the firewall is completely different.
How do I set it not to change the incoming port?
Many Thanks
Mark -
No idea what you see here, but pfSense doesn't change incoming ports, except by NAT rules you've manually added.
-
This is the bit I can't understand. I am replacing a WatchGuard that was working perfectly and have now put an HA Netgate setup in its place. It is showing a completely different port in the incoming port from my external IP of my home machine to my work machine.
I can't understand why it was working fine but now isn't. Not sure if it has something to do with HA.
Many Thanks
Mark -
Thanks for the reply btw.
Thinking, I might ring my ISP!
-
Can you explain what you mean with the help of a screenshot?
-
-
@playford
You have specified the source port in the firewall rule. I doubt that the application sends from a static port.
So the source port should be any in the rule to pass the packets. -
@viragomann Thanks for that.
OK, let me explain what I want to do.
I need to forward a couple of ports to an internal server. One is the VPN server on one port and another is the port I showed.
I want to forward to an internal subnet but I won't know the external IP as it's my clients at home. I followed the port forward instructions but it's not working. This was working fine with the watchguard but now doesn't with the netgate.
Many Thanks
Mark -
Okay, so you can specify the source IP, but set the source port to any.
You only have to state the destination port and forward it to whatever you want. Read the doc again:
The source port range when using TCP and/or UDP, and will almost always be “any”. The source port is not the same as the destination port, and is normally a random port between 1024-65535.
https://docs.netgate.com/pfsense/en/latest/nat/forwarding-ports-with-pfsense.html
-
@viragomann Yep, you are right.
I have the first one working, which is the VPN. Now to try and fix the rest of them.
Thank you so much for your help. I really thought I read that doc, front to back multiple times, but didn't see that.
-
@playford
Seems to be a widespread beginner's mistake, because some other firewalls do not have an option to specify the source port in NAT rules. Therefore it is typed in bold letters in the doc. -
@viragomann Thanks again. Really happy to have help so quickly. Glad to be away from the WatchGuard as well.
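The behaviour the thread settles on, as an added example that is not code from any of the posters or from pfSense: it opens real TCP connections on loopback, records the source port the OS picked for each client, and checks them against a simplified rule match with the source port pinned versus set to "any". `ForwardRule`, `observe_flows` and `compare_rules` are hypothetical names, and pinning the source port to the service port is an assumed value for illustration.

```python
import socket
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ForwardRule:
    """Simplified match part of a port forward; src_port=None means "any"."""
    src_port: Optional[int]
    dst_port: int

    def matches(self, src_port: int, dst_port: int) -> bool:
        src_ok = self.src_port is None or self.src_port == src_port
        return src_ok and self.dst_port == dst_port

def observe_flows(count: int = 5):
    """Return (source_port, destination_port) pairs for loopback TCP connections."""
    flows = []
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
            listener.settimeout(2)
            listener.bind(("127.0.0.1", 0))  # stand-in for the forwarded service
            listener.listen(count)
            dst_port = listener.getsockname()[1]
            for _ in range(count):
                with socket.create_connection(("127.0.0.1", dst_port), timeout=2):
                    conn, peer = listener.accept()
                    conn.close()
                    flows.append((peer[1], dst_port))  # peer[1] is the client's source port
    except OSError:
        # No usable loopback: fall back to constructed sample flows.
        flows = [(49152 + 731 * i, 8443) for i in range(count)]
    return flows

def compare_rules(count: int = 5):
    """Count how many observed flows each rule variant would match."""
    flows = observe_flows(count)
    dst_port = flows[0][1]
    pinned = ForwardRule(src_port=dst_port, dst_port=dst_port)  # source port filled in (assumed value)
    any_src = ForwardRule(src_port=None, dst_port=dst_port)     # source port left as "any"
    pinned_hits = sum(pinned.matches(*f) for f in flows)
    any_hits = sum(any_src.matches(*f) for f in flows)
    return flows, pinned_hits, any_hits

if __name__ == "__main__":
    flows, pinned_hits, any_hits = compare_rules()
    for src, dst in flows:
        print(f"client source port {src} -> destination port {dst}")
    print(f"pinned source port matched {pinned_hits}/{len(flows)}, any matched {any_hits}/{len(flows)}")
```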