NAT Port Forwarding problem to a VLAN



  • I'm new to Pfsense and both our network engineers are out of the office today. Can you help?

    I've configured a NAT port forwarding to an internal IP (172.16.40.1) on port 443.
    This IP is in a VLAN - IP address range 172.16.40.0 - .255 (mask of 255.255.255.0)

    The IP range of the school is Class B 172.16.32.1 - 172.16.39.254 (mask of 255.255.248.0)

    The Pfsense can port forward to anything within the usual range, but not to the IP in the VLAN.

    Am I missing a step here? Do I need to create a new interface/static route etc?



  • @Dellboy:

    Am I missing a step here? Do I need to create a new interface/static route etc?

    Of course, there is an interface needed on pfSense for correct routing which is attached to this VLAN.
    Didn't you create it? Otherwise pfSense knows nothing about this subnet.



  • Hi there…..

    Thank you for your response......

    As I say, I'm new to Pfsense, and I'm not a network engineer either so please bear with me.

    Could you give me basic instruction on how to do that?

    King size mars bar in it for you :-)



  • That's not as trivial to do. It's better you let this do the network engineers.

    You can check if the VLAN is assigned to pfSense in Status > Interfaces. The VLAN interface should be listed there with its subnet and mask.

    A VLAN has to be terminated at two sites. One can be the pfSense, the other site can be a switch or a computer. So as you say, the device which owns 172.16.40.1 is connected to a VLAN, so is the VLAN set on the device itself? Have you set it yourself?


Log in to reply