NAT rules

  • OK guys, I'm sure you have seen all the posts about people having issues with port forwarding.
    I have read a lot of them and watched a lot of videos.

    So at this point, so I don't blow my brains out, I'm going to pretend that I don't know anything.

    Can someone please give me detailed instructions (pretend that I am a noob), which I kinda am on pfSense.

    OK, so once I figured out that port 443 wasn't forwarding after, I went to Firewall > NAT > + sign > and created a new rule:
    Interface > WAN > Protocol > TCP/UDP > Source > left it alone > Destination > any > Destination port range 443 : 443 >
    Redirect target IP > my internal IP > Redirect target port > 443 > Description > https > NAT reflection > system default

    filter rule association > create new associated filter rule > …..........

    And when I did a port scan "online" (I understand I am behind a firewall)

    port 443 closed / isn't responding

    So I did the same thing with port 22/SSH and it worked like gangbusters!

    So why in the h*ll can I not get out on port 443?? I really don't understand.
    I have read about DNS split, blah blah. I have tried most of the tutorials out there,
    and a few times I had to reset back to factory defaults because I lost internet connection.

    So please, even though I know a little bit about this, treat me as if I know nothing (treat me like a baby)
    and please explain in the simplest way possible
    to tell me how to port forward port 443.
    I have read the troubleshooting guide... I have read the port forward instructions.
    So please, I am humbly asking for help.
    Thank you guys for being here to help.
    I look forward to your response. Thanks in advance.

  • LAYER 8 Global Moderator

    "Destination > any  >"

    Well that is wrong..  Dest would be your WAN address.

    So you read the troubleshooting doc..  And did you follow it or just read it?  First thing to do is make sure the traffic is actually getting to pfSense WAN.  pfSense cannot forward something it does not ever see.

    How are you testing this?  You need to make sure you're coming from outside pfSense..  You're not trying to hit your pfSense WAN IP from inside pfSense, are you? That would be NAT reflection and can be problematic and should really just be avoided.  There is never really a valid scenario where it makes sense.

    This really is clickity clickity..  Create your forward and you're done.  If something is not working you either did it wrong or the traffic is not even getting to pfSense.  You also need to check your firewall on the box listening on 443.  Maybe pfSense sends it through and that firewall blocks it?  You sure the box is even listening on 443?  Can you access it from a host on your LAN directly?

    The troubleshooting guide covers pretty much every scenario that could be a problem.

    It's possible your ISP blocks 443 and/or you have a NAT in front of pfSense that you did not forward 443 to your pfSense WAN IP, etc. etc..
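
Added example, not part of the thread: a small Python probe to run once from a LAN host against the server's internal IP and once from a host outside pfSense against the WAN IP, to separate "nothing is listening" from "traffic never arrives" as the reply's checklist asks. The function names, the result labels and the wording of the diagnoses are assumptions of this example.

```python
import errno
import socket
import sys

def probe_tcp(host, port=443, timeout=3.0):
    """One TCP connect attempt: 'open', 'refused' (a reset came back) or 'no-response'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "no-response"
    except OSError as exc:
        # Unreachable host/network is treated like silence for this purpose.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "no-response"
        raise

def diagnose(lan_result, outside_result):
    """Map the LAN-side and outside probe results onto the checks in the reply above."""
    if lan_result == "refused":
        return "Nothing is listening on that port on the internal box; fix the service first."
    if lan_result == "no-response":
        return "Internal box does not answer on the LAN: check its IP and its own firewall."
    if outside_result == "open":
        return "Forward works from outside."
    return ("Service answers on the LAN but not from outside: confirm the traffic reaches "
            "the pfSense WAN (ISP block, upstream NAT), then the forward rule and the "
            "server's own firewall.")

if __name__ == "__main__":
    # Usage: python probe.py <host> [port]   (run on the LAN, then from outside)
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <host> [port]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(sys.argv[1], target_port, probe_tcp(sys.argv[1], target_port))
```

The outside probe has to run from a network that is not behind the same pfSense, otherwise it exercises NAT reflection rather than the port forward.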

