Port forwarding with multi-wan not working

  • I'm confused on how to port forward across all WAN connections - I have 3 WANs and want to be able to port forward the same port across all 3 WANs.

    What I thought I had to do was have 3 seperate forwards for each WAN connection to a port on a local address, but I've found it only works for the main WAN or doesn't work at all.

    I forwarded SSH on pfSense on each of the WANs and each of the port forwards works as it should, but when I try to forward anything else, it doesn't work. For example, Xbox live will not forward correctly and any other ports I try to forward will not work. Don't know what's going on  ??? ??? ???

  • I do this all the time, it really should just work. Verify you can get out on the WAN2 and WAN3 connections. If you are using AON, make sure you have a rule for each WAN. Try allowing ICMP and https access to the webgui on the secondary WANs, see if you can ping and access pfsense from them.

  • All the WAN connections are working as they should, but the ports are still blocked. I've messed around with the settings and I got them to be open in the morning, but I come back in the afternoon and they're closed again.  ???

  • That doesn't make any sense- the firewall rules don't change by themselves. Why don't you post shots of your NAT and Firewall rules?

  • This is what I currently have. Only one that works is SSH for the pfSense router. All the others don't.

    Here are the rules, they are the same on all WANs

  • Dont set as external: "any"
    Set it to the IP of the interface –> "interface address"

  • @GruensFroeschli:

    Dont set as external: "any"
    Set it to the IP of the interface –> "interface address"

    I had it originally set as that and it still didn't work, so I messed around with it and changed ext: any. I just set it to the interface address again and still no difference.

  • Two things. You don't need a port forward to access ssh or the webgui on the firewall- you just need a firewall rule. Also, ssh is TCP and not tcp/udp. Don't use tcp/udp when the service is tcp only.

  • I use this (in the screenshot), bat the rules are work until…......wich I wrote

  • You are going to have to give a bit more detail on this if you want someone to help. Do all port-forwards from all secondary WANs initally work, but stop working? What do you see in the logs when the port-forwards stop working? What do the state tables look like? What you are saying doesn't make any sense logically.
    BTW- you should not use registered ports for external port shifts. (tcp/udp 2000 is Cisco SCCP.)

Log in to reply