Pass specific IP through to LAN, port forwarding, firewall rules
-
Hello, new Netgate appliance, new to pfSense and just getting this new device configured. Fairly smooth, except for the following: I have a Synology DS in Chugiak which backs up daily to a remote Synology DS in Blacksburg. I am now placing the Netgate appliance between the cable modem and my router in Blacksburg. I must be missing something in configuring the port forwarding and firewall rule on the Netgate. I want to allow all traffic from the specific IP address hosting the Chugiak DS through the netgate to the Blacksburg DS, all ports. I have read through the pfSense documentation regarding both port forwarding and firewall rules, plus searched the forums. I have deleted and properly recreated port forwarding rules, rebooted the netgate. What am I missing? Thank you for your help!! Screenshots of my current configuration are attached:
-
@akjim
Hey
Which Synology service performs the backup?
Hyper Backup?
-
@konstanti said in Pass specific IP through to LAN, port forwarding, firewall rules:
@akjim
Hey
Which Synology service performs the backup?
Synology's HyperBackup
-
Do not pay attention to the Russian language
Everything is clear
What ports do I need to forward for Hyper Backup
What you're doing is wrong.
-
@akjim
The first picture shows that pf is blocking TCP port 6281
-
@konstanti Yes, I know that. Hyperbackup is set up correctly. I just need to get the connection through the netgate to the Blacksburg DS. Without the netgate in the system everything works perfectly.
-
This way, the required ports are forwarded
Everything else needs to be disabled and removed
https://www.netgate.com/docs/pfsense/nat/forwarding-ports-with-pfsense.html
-
@konstanti OK, so a single port forwarding rule without a specified single host defined. No corresponding firewall rule is required?
-
pf will create the rule automatically
for example
-
Hmmm ..... it's still not going through. I'll delete the rule again, reboot the netgate and start fresh. I appreciate your help. Be back after the fresh start ....
-
We have to start over
- remove and disable everything in the pictures (this is wrong)
- create port forwarding for 6281 (nat / port forwarding)
- check that the rule on the wan interface also appeared
- try to connect
How is port forwarding configured on the router?
-
@konstanti said in Pass specific IP through to LAN, port forwarding, firewall rules:
We have to start over
- remove and disable everything in the pictures (this is wrong)
- create port forwarding for 6281 (nat / port forwarding)
- check that the rule on the wan interface also appeared
- try to connect
- Yes, I have removed all rules, then rebooted the device.
- Yes, done
- Yes:
- Still rejected by device firewall:
-
@akjim
show me the rules on the wan interface
-
@akjim Port forwarding on the router is good, this traffic is being stopped by the netgate appliance only. If I remove the netgate appliance (pfSense) then everything works correctly.
-
@konstanti said in Pass specific IP through to LAN, port forwarding, firewall rules:
@akjim
show me the rules on the wan interface
-
@akjim
this is not what we need
I need
/firewall/rules/wan
-
and I need a full log entry.
to see what pf is blocking
Status/System Logs/Firewall/Normal View
where you will see: interface, source, destination, port, protocol
-
@konstanti said in Pass specific IP through to LAN, port forwarding, firewall rules:
@akjim
this is not what we need
I need
/firewall/rules/wan
-
here's what I need
the picture with all the rules
for example,
-
@konstanti There is only this one, single rule ..... !