Netgate Discussion Forum

    Unable to route port based routing from WAN to LAN

    Routing and Multi WAN
    6 Posts 3 Posters 466 Views
      nycgeekbk

      Hi,

      I currently have a situation where I need mobile devices to hit the WAN interface, and then route any traffic on port 10100 to the LAN interface so it can traverse my LAN network to a VPN tunnel and access a device on a cloud network at 192.168.200.70.

      I know I can communicate from the LAN interface to the VPN tunnel on the LAN network, but I am having problems getting the WAN traffic to route based on the port configuration. It keeps trying to go out the WAN gateway and doesn't hit the correct location.

      Firewall rules, static route config, and Trace Routes are attached.

      Any ideas on what could be preventing it from going out the correct interface? I honestly don't get why pfSense isn't handing the traffic over to the LAN interface; hoping you guys can see what I messed up.

      Attachments: LAN Firewall Rules.PNG, Routes.PNG, TraceRoute.PNG, WAN Firewall Rule.PNG, WAN Traceroute.PNG

        mcdiesel

        I have the same issue, on a simpler setup.

        Traffic coming IN the WAN interface is not routing correctly. It goes to the default gateway rather than following the routing table and going to an OpenVPN route.

        I don't want to NAT incoming on the WAN interface, just route, as the pfSense box is buried within a local network.

        There must be a simple setting to say route not NAT on wan?

          nycgeekbk

          I am glad to see I am not the only one having this issue.

          Did you ever find a solution?

            georgeman

            OP, I think you got everything wrong; your configuration does not really make much sense.

            If I understand correctly you have another gateway on your LAN that is used to access this remote service, and you want to receive incoming connections on your WAN and direct them to this remote service, right?

            This cannot be done with just routing; you need to do NAT at some point. Forget about everything you did. A simple port forward towards the remote service IP should work if the default route on your remote service system is also this pfSense box. If it is not, you also need some extra NAT to change the source IP of the incoming packet to the one of the pfSense box (so it knows how to route back the answer).

            This is not the same issue as mcdiesel posted. If you want to disable NAT on an interface, change the Outbound NAT settings to Manual and delete the appropriate rules.

            If it ain't broke, you haven't tampered enough with it

              nycgeekbk
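            The NAT setup georgeman describes, written out as the pf rules pfSense generates from Firewall > NAT > Port Forward and Firewall > NAT > Outbound (manual mode). This is an added example, not configuration from the thread; the interface names are placeholders, while 192.168.200.70 and port 10100 come from the original post. It assumes the OP's existing static route to the service via the LAN-side VPN gateway stays in place.

```pf
# Placeholder interface names: substitute your real WAN and LAN interfaces.
wan_if   = "em0"
lan_if   = "em1"
svc      = "192.168.200.70"   # remote service reached through the LAN-side VPN gateway
svc_port = "10100"

# Prerequisite (already configured by the OP): a static route for $svc via the
# LAN-side VPN gateway under System > Routing, so pfSense sends it out $lan_if.

# 1. Port forward (Firewall > NAT > Port Forward): connections arriving on the
#    WAN address for TCP/10100 get their destination rewritten to the service.
rdr on $wan_if inet proto tcp from any to ($wan_if) port $svc_port -> $svc port $svc_port

# 2. Only if the service's default route is NOT this pfSense box: rewrite the
#    source to the LAN address (Firewall > NAT > Outbound, manual mode) so the
#    service's replies return to pfSense instead of leaving via its own gateway.
nat on $lan_if inet proto tcp from any to $svc port $svc_port -> ($lan_if)

# 3. Filter rule on WAN. pf applies rdr before filtering, so the rule is written
#    against the translated destination, not the WAN address.
pass in quick on $wan_if inet proto tcp from any to $svc port $svc_port flags S/SA keep state
```

            Without step 2 the forwarded SYN reaches the service but its SYN/ACK follows the service's own default route, pfSense never sees the reply, and the state entry from step 3 times out. If the mobile devices' source ranges are known, replace `from any` in steps 1 and 3 with those ranges so the forward is not exposed to the whole internet.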

              Thanks for the advice; however, I just gave that a shot, and it seems to still be routing the traffic back over the WAN interface when doing a traceroute to the remote IP.

              Any other advice you can offer would be awesome.

              @georgeman:

              > OP, I think you got everything wrong, your configuration does not really make much sense.
              >
              > If I understand correctly you have another gateway on your LAN that is used to access this remote service, and you want to receive incoming connections on your WAN and direct them to this remote service, right?
              >
              > This cannot be done with just routing, you need to do NAT at some point. Forget about everything you did. A simple port forward towards the remote service IP should work if the default route on your remote service system is also this pfSense box. If it is not, you also need some extra NAT to change the source IP of the incoming packet to the one of the pfSense box (so it knows how to route back the answer)
              >
              > This is not the same issue as mcdiesel posted. If you want to disable NAT on an interface, change the Outbound NAT settings to Manual and delete the appropriate rules.

                georgeman

                No no, forget about routing! You cannot just route from the internet towards a private internal IP. Tracerouting from the WAN interface of pfSense does not make any sense at all, of course it will always try to send it to the internet.

                I suggest you go back to the drawing board and think carefully about what you want to achieve. If you want, make a diagram and post exactly what you want to achieve; I can help you.

                If it ain't broke, you haven't tampered enough with it

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.