    Port forwarding with pfsense as openvpn client

    • iicbiit

      Hi,

      I have the following setup: pfSense 2.4.4-RELEASE-p3 as an OpenVPN client (ExpressVPN), all traffic outside OPT1 (the ExpressVPN interface) is blocked, except for traffic coming from 127.0.0.1; this setup works great and prevents traffic leaks.

      The problem I'm facing is that I fail to open and forward ports on OPT1. I am forwarding a port on OPT1 to a LAN address, with the corresponding firewall rule automatically created. The LAN machine has no active firewall. Yet, the port forwarding is not working and remote online port scanners report the port as closed.

      Does anybody know what is the correct way to forward a port in this scenario?

      Thank you,
      Danny

        • KOM

        Port forward troubleshooting on pfSense (YouTube)

        https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html

        Post a screenshot of your NAT rule so we can see what you've done, and a description of exactly what you're trying to accomplish.

          • iicbiit

          The network looks as follows: a pfSense PC connected directly to the ISP on one NIC and to the LAN on the other. In the LAN there is a Windows 10 machine (Windows firewall turned off for the tests) running several apps requiring NAT. All outbound traffic from the LAN is routed through a permanent OpenVPN connection established from pfSense.

          What I need is to be able to forward the inbound ports for the local apps on the Windows 10 machine. All of them need to be able to accept connections from the outside over the OpenVPN connection (on the VPN's outbound IP). Prior to setting up the VPN, all but the monerod apps successfully used port forwarding over the WAN interface.

          Danny

            • KOM

            I'm not sure it's going to work at all. How does your VPN provider know that when some Joe Rando from the Internet hits their endpoint asking for port 18080 that it should forward that traffic to you? A VPN is basically a double-NAT, so your provider would have to have a config in place to redirect that traffic specifically to you and not to any of their other connected clients.

              • iicbiit

              What you are saying makes perfect sense. I don't know why I didn't figure this out earlier. Thank you very much for your help!
