Netgate Discussion Forum

    Incoming firewall port wrong

Firewalling, 12 Posts, 2 Posters, 914 Views
viragomann:

No idea what you see here, but pfSense doesn't change incoming ports, except by NAT rules you've manually added.

playford:

This is the bit I can't understand. I am replacing a WatchGuard that was working perfectly and have now put an HA Netgate setup in its place. It is showing a completely different port in the incoming port from my external IP of my home machine to my work machine.

I can't understand why it was working fine but now isn't. Not sure if it has something to do with HA.

        Many Thanks
        Mark

playford:

Thanks for the reply, btw.

Thinking I might ring my ISP!

viragomann:

Can you explain what you mean with the help of a screenshot?

playford @viragomann:

              @viragomann

Here are some screens:
My browser at home: [screenshot]

Firewall log: [screenshot]

Firewall rule: [screenshot]

viragomann @playford:

                @playford
You have specified the source port in the firewall rule. I doubt that the application sends from a static port.
So the source port should be any in the rule to pass the packets.

playford @viragomann:

                  @viragomann Thanks for that.

OK, let me explain what I want to do.

I need to forward a couple of ports to an internal server. One is the VPN server on one port and another is the port I showed.

I want to forward to an internal subnet, but I won't know the external IP as it's my clients at home. I followed the port forward instructions but it's not working. This was working fine with the WatchGuard but now doesn't with the Netgate.

                  Many Thanks
                  Mark

viragomann:

Okay, so you can specify the source IP, but set the source port to any.
You only have to state the destination port and forward it to whatever you want.

                    Read the doc again:

                    The source port range when using TCP and/or UDP, and will almost always be “any”. The source port is not the same as the destination port, and is normally a random port between 1024-65535.

                    https://docs.netgate.com/pfsense/en/latest/nat/forwarding-ports-with-pfsense.html

playford @viragomann:
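The source-port point viragomann quotes from the docs, as an added example that is not part of the thread or of pfSense's own code: a small Python model of how a port-forward rule is matched against inbound connections, the mistaken rule (source port pinned) beside the corrected one, plus a lint check that flags pinned source ports. The port 1194, the internal host 10.0.0.5 and the IP addresses are constructed assumptions; the thread does not give the real values.

```python
"""Added example: model of pf-style port-forward matching (not pfSense code)."""
import random
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class ForwardRule:
    proto: str
    dst_port: int
    target: str                      # internal host the forward redirects to
    src_port: Optional[int] = None   # None means "any", the documented default

    def matches(self, pkt: Packet) -> bool:
        if pkt.proto != self.proto or pkt.dst_port != self.dst_port:
            return False
        # A pinned source port only matches if the client happened to pick it.
        return self.src_port is None or pkt.src_port == self.src_port


def forward_target(rules: List[ForwardRule], pkt: Packet) -> Optional[str]:
    """First matching rule wins, as in a pf ruleset; None means not forwarded."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return None


def lint_rules(rules: List[ForwardRule]) -> List[ForwardRule]:
    """Defender check: forwards with a pinned source port almost never match,
    because clients use a random ephemeral source port (1024-65535)."""
    return [r for r in rules if r.src_port is not None]


# Constructed sample: the thread's mistake beside the corrected rule.
# 1194 and 10.0.0.5 are placeholders; the real VPN port is not in the thread.
WRONG = ForwardRule("tcp", 1194, "10.0.0.5", src_port=1194)
RIGHT = ForwardRule("tcp", 1194, "10.0.0.5")


def simulate(rule: ForwardRule, trials: int = 1000, seed: int = 1) -> float:
    """Fraction of inbound connections, each from a random ephemeral source
    port, that the given rule forwards."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        pkt = Packet("tcp", "198.51.100.7", rng.randint(1024, 65535),
                     "203.0.113.1", 1194)   # constructed client and WAN addresses
        if forward_target([rule], pkt) is not None:
            hits += 1
    return hits / trials
```

Running `simulate(RIGHT)` forwards every connection while `simulate(WRONG)` forwards essentially none, which is the symptom described in the thread.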

                      @viragomann Yep, you are right.

I have the first one working, which is the VPN. Now to try and fix the rest of them.

Thank you so much for your help. I really thought I had read that doc front to back multiple times, but didn't see that.

viragomann @playford:

                        @playford
Seems to be a widespread beginners' mistake, because some other firewalls do not have an option to specify the source port in NAT rules. Therefore it is typed in bold letters in the doc.

playford @viragomann:

@viragomann Thanks again. Really happy to have help so quickly. Glad to be away from the WatchGuard as well.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.