Netgate Discussion Forum

Can't get port forwarding to work

WireGuard
  • A
    Apstndp
    last edited by Apstndp Feb 26, 2021, 7:57 PM Feb 26, 2021, 7:21 PM

    I have successfully configured a WG interface on pfSense using this guide: https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-client.html. I have set host 192.168.100.9 only to use the created WG_MULLVAD interface, and the host can access the Internet through that interface without issues.

    Now I wanted to be able to access a port on the host through the VPN provider. I have configured port forwarding on Mullvad's website, and forwarding to the firewall seems to be working, as I can see the following:
    image1.png
    I have also configured port forwarding, so host's port would be accessible through WG_MULLVAD interface:
    image2.jpg
    I think I'm missing some kind of inbound rule to allow traffic from WG interface to the host. Not sure how to configure it. Could somebody help me?

    • C
      cmcdonald Netgate Developer @Apstndp
      last edited by Feb 26, 2021, 7:28 PM

      @apstndp What's your outbound NAT look like for the 192.168.100.9 host?

      • A
        Apstndp @cmcdonald
        last edited by Feb 26, 2021, 7:32 PM

        @vbman213 Here are my rules for outbound NAT image3.jpg

        • A
          Apstndp
          last edited by Feb 27, 2021, 8:19 AM

          Also, in WG_MULLVAD interface settings "Block private networks and loopback addresses" and "Block bogon networks" are not selected.

          • J
            jimp Rebel Alliance Developer Netgate
            last edited by Feb 27, 2021, 11:10 PM

            Make sure your firewall rules are on the WG_MULLVAD interface tab and not the general WireGuard tab. If rules on the WireGuard tab match, then it won't have reply-to and the reply traffic won't route back out that specific WireGuard interface.

            • A
              Apstndp
              last edited by Apstndp Feb 28, 2021, 11:12 AM Feb 28, 2021, 11:07 AM

              Ok, so I got it to work. Not sure where the problem was exactly. Was it in misconfiguration or in my human element...

              In the general WireGuard tab I had a rule from this guide: https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html. I removed all the configurations from that guide and left only the configurations from this guide: https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-client.html. Here I noticed that netcatting the port gave a connection timeout and trying to access the port using an actual client worked...

              So after coming to the conclusion that the port forward works, I started adding the remote access using the already mentioned guide https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html with one exception: before adding rules to the general WireGuard tab as said in the guide, I created its own interface for this, and added the "Pass VPN traffic from WireGuard peers" rule under the tab with the new wg interface. So, I have no rules under the general WireGuard tab now.

              Now both use cases are working well. Thanks to everybody who helped and hopefully this post will help somebody with a similar issue.

              PS. Port forwarding the ssh port was just a port forward test, as I thought ssh would be an easy service to test that port forwarding works. Going to use another service for the actual port forwarding use case and use ssh over remote access.

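The reply-to point from jimp's answer, and the fix of moving every rule off the general WireGuard tab, can be checked against the loaded ruleset. This is an added example, not code from the thread or from pfSense: it walks `pfctl -sr`-style lines in order (pfSense evaluates interface group rules before per-interface rules) and reports whether the first rule matching the forwarded traffic carries `reply-to`. The sample rules, the `wg0` name, the gateway 10.64.0.1 and port 8022 are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample in the style of `pfctl -sr` output (not from the thread).
# Assumptions: wg0 is the assigned WG_MULLVAD interface, 10.64.0.1 its gateway,
# 8022 the forwarded port, and every rule is a "quick" rule (first match wins).
SAMPLE_RULES = """\
pass in quick on WireGuard inet all flags S/SA keep state label "USER_RULE: Pass VPN traffic from WireGuard peers"
pass in quick on wg0 reply-to (wg0 10.64.0.1) inet proto tcp from any to 192.168.100.9 port = 8022 flags S/SA keep state label "USER_RULE: NAT forward"
"""

RULE_RE = re.compile(r"^(pass|block)\s+in\s+quick\s+on\s+(\S+)\s+(reply-to\s+\([^)]*\)\s+)?(.*)$")


def parse_rule(line):
    """Parse one inbound quick rule; return None for lines this sketch ignores."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    body = re.sub(r'label\s+"[^"]*"', "", m.group(4))  # labels may contain " to "
    dst = re.search(r"\bto\s+(\S+)", body)
    port = re.search(r"\bport\s+=\s+(\d+)", body)  # named services are not resolved
    return {
        "action": m.group(1),
        "iface": m.group(2),
        "reply_to": m.group(3) is not None,
        "dst": None if dst is None or dst.group(1) == "any" else dst.group(1),
        "port": int(port.group(1)) if port else None,
        "text": line.strip(),
    }


def first_match(ruleset, iface, groups, dst_ip, dst_port):
    """Return the first quick rule matching a packet arriving on iface, or None."""
    for line in ruleset.splitlines():
        rule = parse_rule(line)
        if rule is None or rule["iface"] not in (iface, *groups):
            continue
        if rule["dst"] and ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(rule["dst"], strict=False):
            continue
        if rule["port"] is not None and rule["port"] != dst_port:
            continue
        return rule
    return None


if __name__ == "__main__":
    hit = first_match(SAMPLE_RULES, "wg0", ["WireGuard"], "192.168.100.9", 8022)
    print("matched:", hit["text"])
    print("reply-to present:", hit["reply_to"])
```

With the group rule present, the forwarded connection is passed by the `WireGuard` group rule without `reply-to`; with it removed, the per-interface rule with `reply-to` is the one that matches.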
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.