1. Home
  2. pfSense® Software
  3. NAT
  4. Port forwarding with multi-wan not working

Port forwarding with multi-wan not working

  • A

    I'm confused on how to port forward across all WAN connections - I have 3 WANs and want to be able to port forward the same port across all 3 WANs.

    What I thought I had to do was have 3 seperate forwards for each WAN connection to a port on a local address, but I've found it only works for the main WAN or doesn't work at all.

    I forwarded SSH on pfSense on each of the WANs and each of the port forwards works as it should, but when I try to forward anything else, it doesn't work. For example, Xbox live will not forward correctly and any other ports I try to forward will not work. Don't know what's going on  ??? ??? ???

    0
  • dotdash

    I do this all the time, it really should just work. Verify you can get out on the WAN2 and WAN3 connections. If you are using AON, make sure you have a rule for each WAN. Try allowing ICMP and https access to the webgui on the secondary WANs, see if you can ping and access pfsense from them.

    0
  • A

    All the WAN connections are working as they should, but the ports are still blocked. I've messed around with the settings and I got them to be open in the morning, but I come back in the afternoon and they're closed again.  ???

    0
  • dotdash

    That doesn't make any sense- the firewall rules don't change by themselves. Why don't you post shots of your NAT and Firewall rules?

    0
  • A

    This is what I currently have. Only one that works is SSH for the pfSense router. All the others don't.

    Here are the rules, they are the same on all WANs

    0
  • GruensFroeschli

    Dont set as external: "any"
    Set it to the IP of the interface –> "interface address"

    0
  • A

    @GruensFroeschli:

    Dont set as external: "any"
    Set it to the IP of the interface –> "interface address"

    I had it originally set as that and it still didn't work, so I messed around with it and changed ext: any. I just set it to the interface address again and still no difference.

    0
  • dotdash

    Two things. You don't need a port forward to access ssh or the webgui on the firewall- you just need a firewall rule. Also, ssh is TCP and not tcp/udp. Don't use tcp/udp when the service is tcp only.

    0
  • T

    I use this (in the screenshot), bat the rules are work until…......wich I wrote


    0
  • dotdash

    You are going to have to give a bit more detail on this if you want someone to help. Do all port-forwards from all secondary WANs initally work, but stop working? What do you see in the logs when the port-forwards stop working? What do the state tables look like? What you are saying doesn't make any sense logically.
    BTW- you should not use registered ports for external port shifts. (tcp/udp 2000 is Cisco SCCP.)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy