Port Forwarding



  • Hello!

    I have a network with two external IP addresses on one physical port. The second IP was added as a virtual IP for WAN. pfSense is used as gateway/router/DHCP/DNS and has IP 192.168.60.191.
    There is a server (192.168.60.250) in the LAN for which the second IP was obtained. The server will be used with RDP, SSH, telnet, etc. My job is to forward all ports to the external IP.
    LAN and 2nd WAN IP are connected via 1:1, but ports are closed. I tried to solve the problem by making a rule in port forwarding: [ WAN TCP/UDP source:192.168.60.250 1-65535 dest:ext_ip 1-65535 nat_ip:192.168.60.191 1-65535 ] Ports didn't open.
    Some guides said to make aliases, so the rule changed to [ WAN TCP/UDP source:Alias"server"(192.168.60.250) Alias"all ports"(1-65535) dest:ext_ip "all ports" nat_ip:192.168.60.191 "all ports"], but nothing changed. What am I doing wrong?

    Sorry for my bad English, it is not my native language.



  • A 1:1 NAT rule doesn't open any port.

    If you use 1:1, set up firewall rules in addition to open ports. For instance, if you want to allow SSH from anywhere to 192.168.60.250, add a rule to the WAN interface:
    Action: Pass
    Protocol: TCP
    Source: any
    Destination: "Single host or alias" 192.168.60.250
    Destination port range: SSH

    If you want to open multiple ports to the same destination, it's recommended to set up a Port alias in Firewall > Aliases > Ports and use this one in the firewall rule. Consider setting the protocol to "TCP/UDP" in this case.
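
An added illustration (not part of the thread and not pfSense code) of why the rule in the answer above uses 192.168.60.250 as its destination: for traffic arriving on WAN, pfSense applies NAT before it evaluates firewall rules, so rules see the translated address. The external address 203.0.113.10, the port set and all names in the model are constructed placeholders.

```python
# Simplified model of inbound WAN processing: 1:1 NAT first, then filter rules.
from dataclasses import dataclass
from ipaddress import ip_address

EXT_IP = ip_address("203.0.113.10")    # constructed placeholder for the second WAN IP
SERVER = ip_address("192.168.60.250")  # LAN server from the thread
ONE_TO_ONE = {EXT_IP: SERVER}          # 1:1 NAT mapping: external -> internal

@dataclass(frozen=True)
class PassRule:
    proto: str        # "tcp", "udp" or "tcp/udp"
    dst: object       # destination address the rule matches
    ports: frozenset  # destination ports (plays the role of a port alias)

    def matches(self, proto, dst, port):
        return (proto in self.proto.split("/")
                and dst == self.dst and port in self.ports)

def inbound(proto, dst, port, rules):
    """Return (verdict, final_destination) for a packet arriving on WAN."""
    dst = ip_address(dst)
    dst = ONE_TO_ONE.get(dst, dst)   # step 1: NAT rewrites the destination
    for rule in rules:               # step 2: rules see the rewritten packet
        if rule.matches(proto, dst, port):
            return "pass", str(dst)
    return "block", str(dst)         # nothing matched: default deny on WAN

SERVER_PORTS = frozenset({22, 23, 3389})  # constructed alias: ssh, telnet, rdp

NAT_ONLY = []                                                   # 1:1 mapping, no rule
RULE_ON_EXTERNAL = [PassRule("tcp/udp", EXT_IP, SERVER_PORTS)]  # never matches
RULE_ON_INTERNAL = [PassRule("tcp/udp", SERVER, SERVER_PORTS)]  # as in the answer

if __name__ == "__main__":
    cases = [("1:1 NAT only", NAT_ONLY),
             ("rule on external IP", RULE_ON_EXTERNAL),
             ("rule on internal IP", RULE_ON_INTERNAL)]
    for name, rules in cases:
        print(f"{name:22} ssh ->", inbound("tcp", "203.0.113.10", 22, rules))
```
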



  • Hello,
    So to comprehend this (NAT 1:1), the "external ip" would be like an LDAP DN, "something reserved for broadcast", or say 8.8.8.8 (Google DNS).
    "Destination ip" is the private actual IP address of the true provider.
    The third field (network) is what a packet to the public address should be forwarded to (the packet is not of that subnet though)?
    Sincerely,
    JC Magras