Netgate Discussion Forum

    Port Forwarding

      Nikin

      Hello!

      I have a network with two external IP addresses on one physical port. The second IP was added as a virtual IP for WAN. pfSense is used as gateway/router/DHCP/DNS and has IP 192.168.60.191.
      There is a server (192.168.60.250) in the LAN for which the second IP was obtained. The server will be used with RDP, SSH, telnet, etc. My job is to forward all ports to the external IP.
      LAN and the 2nd WAN IP are connected via 1:1, but the ports are closed. I tried to solve the problem by making a rule in port forwarding: [ WAN TCP/UDP source:192.168.60.250 1-65535 dest:ext_ip 1-65535 nat_ip:192.168.60.191 1-65535 ] The ports didn't open.
      Some guides said to make aliases, so the rule changed to [ WAN TCP/UDP source:Alias"server"(192.168.60.250) Alias"all ports"(1-65535) dest:ext_ip "all ports" nat_ip:192.168.60.191 "all ports"], but nothing changed. What am I doing wrong?

      Sorry for my bad English, it is not my native language.

        viragomann

        A 1:1 NAT rule doesn't open any port.

        If you use 1:1, set up firewall rules in addition to open ports. For instance, if you want to allow SSH from anywhere to 192.168.60.250, add a rule to the WAN interface:
        Action: Pass
        Protocol: TCP
        Source: any
        Destination: "Single host or alias" 192.168.60.250
        Destination port range: SSH

        If you want to open multiple ports to the same destination, it's recommended to set up a Port alias in Firewall > Aliases > Ports and use this one in the firewall rule. Consider setting the protocol to "TCP/UDP" in this case.

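An added example, not part of the thread and not pfSense code: a small Python model of why the rule in viragomann's answer names 192.168.60.250 as destination. It assumes the 1:1 translation is applied before the WAN filter rules are evaluated and that unmatched traffic is denied; `203.0.113.10` is a constructed stand-in for the thread's `ext_ip`, and the alias contents are constructed too.

```python
from dataclasses import dataclass

# Constructed sample values: 203.0.113.10 stands in for the thread's "ext_ip".
EXT_IP = "203.0.113.10"
SERVER = "192.168.60.250"
BINAT = {EXT_IP: SERVER}          # the 1:1 NAT mapping, external -> internal


@dataclass(frozen=True)
class PassRule:
    """One WAN pass rule: protocol, destination host, allowed destination ports."""
    proto: str
    dst: str
    ports: frozenset


def wan_inbound(proto, dst_ip, dst_port, rules, binat=BINAT):
    """Return (verdict, delivered_to) for a packet arriving on WAN.

    Model: destination translation first, then the first matching pass rule;
    anything unmatched hits the default deny.
    """
    translated = binat.get(dst_ip, dst_ip)      # step 1: 1:1 NAT rewrites dst
    for rule in rules:                          # step 2: filter sees translated dst
        if rule.proto == proto and rule.dst == translated and dst_port in rule.ports:
            return "pass", translated
    return "block", None


def reachable_ports(rules, candidates, proto="tcp"):
    """Ports from `candidates` that an outside host can reach on EXT_IP."""
    return sorted(p for p in candidates
                  if wan_inbound(proto, EXT_IP, p, rules)[0] == "pass")


# Port alias in the spirit of Firewall > Aliases > Ports (contents constructed).
SERVER_PORTS = frozenset({22, 23, 3389})
NAT_ONLY = []                                               # 1:1 NAT, no WAN rule
RULE_ON_EXTERNAL = [PassRule("tcp", EXT_IP, SERVER_PORTS)]  # dst = public address
RULE_ON_INTERNAL = [PassRule("tcp", SERVER, SERVER_PORTS)]  # dst = 192.168.60.250

if __name__ == "__main__":
    probe = [22, 23, 80, 445, 3389]
    for name, rules in [("1:1 NAT only", NAT_ONLY),
                        ("rule on external IP", RULE_ON_EXTERNAL),
                        ("rule on internal IP", RULE_ON_INTERNAL)]:
        print(f"{name:22s} reachable: {reachable_ports(rules, probe)}")
```

In this model only the rule whose destination is the internal address passes traffic, and only for the ports listed in the alias; every other probed port stays on the default deny.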
          magrw2066

          Hello,
          So to comprehend this (NAT 1:1), the "external IP" would be like an LDAP DN, "something reserved for broadcast", or say 8.8.8.8 (Google DNS).
          "Destination IP" is the private actual IP address of the true provider.
          The third field (network) is what a packet to the public address should be forwarded to (the packet is not of that subnet though)?
          Sincerely,
          JC Magras

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.