    Netgate Discussion Forum

    Port Forward through OpenVPN

    OpenVPN
    • M
      m1001101 last edited by

      Hi guys, I have a problem with port forwarding on pfSense.
      See my network in attached scheme.

      I have 2 LAN, Home (192.168.10.x) and Museum (192.168.11.x);

      In Home LAN I have pfsense box configured as OpenVPN Server (works perfectly);

      In Museum LAN there is a server that connects via OpenVPN (client) to Home LAN through net 10.10.0.x/24 (works perfectly). I can connect via ssh and all services from Home LAN to Museum LAN Server (Static OpenVPN IP 10.10.0.204), and the reverse situation works great.

      Now I need to forward 1 service from Museum LAN server to Internet on port 24356 TCP, so I've set up a port forward and the related firewall rule in my Home LAN pfSense to forward all traffic inbound from port 24356 to the same port at IP 10.10.0.204 (Museum LAN Server OpenVPN IP).

      But it does not work.

      I've flagged the option "Force all client generated traffic through the tunnel" in client specific overrides, and checked with traceroute: fully working, packets originating from Museum LAN Server go through the VPN tunnel, to the Home LAN Gateway and on to the Internet without problems.

      I can't understand why the port forward rule doesn't work like other rules for Home LAN services.

      Suggestions?

      Thanks

      ![MCS - Page 1.png](/public/imported_attachments/1/MCS - Page 1.png)
      • V
        viragomann last edited by

        Have you already set an outbound NAT rule on the home firewall for packets coming from the server?

        • M
          m1001101 last edited by

          No, because Museum Server reaches the Internet through the VPN without problems.

          Now I tried with an outbound NAT rule:

          interface: oVPN
          protocol: TCP
          source: 10.10.0.0/24 24356 (oVPN Net)
          destination: Any 24356

          Translation
          Address: interface address
          port range: static port flagged

          But it doesn't work

          • Derelict
            Derelict LAYER 8 Netgate last edited by

            You shouldn't need a port forward since there is no NAT.

            Just tell the Museum host to connect to 10.10.0.204:24356

            Chattanooga, Tennessee, USA
            The pfSense Book is free of charge!
            DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            • M
              m1001101 last edited by

              OK Solved!

              I've flagged the option "Force all client generated traffic through the tunnel" in client specific overrides, this time it worked perfectly!

              Thanks to all!!
