LAN -> LAN port forwarding

  • Hi folks!
    First post here - this is a fairly easy problem I'm having but I would like advice on this:
    My environment looks like this

    |=| ISP - > Router -> (int0: PFSense  (int1: -> Web Server (

    My PFSense has 2 interfaces -
    Int0 resides in the LAN
    Int1 resides behind a DMZ and the network cannot be accessed from the LAN

    If I want to access the webserver( from the LAN (, I thought enabling portforwarding on PFSense would be the right approach. This is how I set up my port forwarding rule:
    Interface: LAN
    Protocol: TCP/UDP
    Source Addr/Ports: any/any
    Dest Address:
    Dest Port: 1337
    NAT IP:
    NAT Port: 80

    PFSense surprisingly enabled a firewall rule on my LAN interface automatically, and I set a rule to allow all traffic from any source IP from the WebServer Interface (Int1)

    However, all LAN devices are assigned as default gateway. From what I understand, the router would not be aware of PFSense's portforward rule so it would drop requests. Should I set a static route on the router for to


  • With the port forwarding you have set up, the webserver should be accessible from LAN by using There will be no route necessary for this.

  • Thanks viragomann,
    I tried using Wireshark to track where my packets are going. PFSense fails to respond to my ARP requests for some reason. I want to show you my port forwarding configs - I can't tell what I'm doing wrong. I even tried changing the default gateway to PFSense's IP address (, hoping that PFSense had maintained a route or state for that address, but failed to respond to ARPs.

  • Since your WAN interface is in a private network range, check if you have deactivated the "Block private networks" option in the WAN interface settings?
