Azure cloud pfsense portforward not working



  • Hi,
    Port forward is not working in Azure cloud.
    The error showing in Diagnostics > States is " WAN tcp 117.194.164.23:61059 -> 172.20.0.4:6540 (172.20.0.250:6540) CLOSED:SYN_SENT 2 / 0 104 B / 0 B"
    Forwarded port: TCP-6540
    Checking WAN IP: 117.194.164.23
    Error showing: SYN_SENT:CLOSED
    Note: Azure pfSense WAN NSG and pfSense rules are correctly configured.
    Please find the screenshots below for more details: WAN RULE.JPG, STATUS STATE.JPG, PORT FORWARD.JPG



  • The host you NAT to has the correct routing settings to route everything back through your firewall where the NAT comes from?

    NAT goes hand in hand with routing, so you either proxy this NAT (which will only show the firewall accessing whatever it is there) or you fix the routing on the host that you NAT to...



  • Hi,

    Azure pfSense has only one NIC.
    WAN and LAN IP: 172.20.0.250
    Subnet: 172.20.0.0/24

    Redirect target IP (VM): 172.20.0.4
    Port: TCP 6540

    Enabled port forward, firewall policy and Azure NSG rule.
    Not enabled any outbound NAT (1:1, outbound, NPt).

    Please let me know whether we need to enable any outbound NAT rule for the same?

    Capture.JPG



  • No, you gotta tell the box on 127.20.0.4 to use pfSense as a gateway so that it sends back the requests coming from the port forwarding back through the machine it came from.

    Alternative would be to enable outbound (src) NAT for all packets going towards .4 port 6540 to the firewall's IP. That way you're on the same subnet and .4 doesn't care.

    The downside is that everything comes from pfSense and you do not know the real IP that tries to access .4.

    cu
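A way to check for this condition across many states, as an added example that is not part of the original thread: it parses rows in the shape of the Diagnostics > States line quoted in the first post and flags port-forward states stuck in SYN_SENT with a zero second packet counter, marking those where the client is outside the 172.20.0.0/24 subnet and the target is inside it (the case the replies say depends on the target's gateway or on source NAT). The function names, the constructed sample rows and the reading of the second counter as the reply direction are assumptions.

```python
import ipaddress
import re

# One row of Diagnostics > States, in the shape quoted in the first post:
# IFACE PROTO SRC -> DST (ORIGINAL_DST) STATE PKTS / PKTS BYTES / BYTES
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"(?:\((?P<orig_dst>[^)]+)\)\s+)?(?P<state>\S+)\s+"
    r"(?P<pkts_first>\d+)\s*/\s*(?P<pkts_second>\d+)"
)

def parse_state(line):
    """Return the fields of one state row as a dict, or None if it does not parse."""
    m = STATE_RE.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["pkts_first"] = int(row["pkts_first"])
    row["pkts_second"] = int(row["pkts_second"])  # assumed: reply direction
    return row

def host(endpoint):
    """Strip the :port from an IPv4 'addr:port' endpoint."""
    return ipaddress.ip_address(endpoint.rsplit(":", 1)[0])

def unanswered_forwards(lines, lan_subnet):
    """Port-forward states in SYN_SENT with nothing counted in the second counter."""
    net = ipaddress.ip_network(lan_subnet)
    hits = []
    for line in lines:
        row = parse_state(line)
        if not row or not row["orig_dst"]:
            continue  # unparsable, or not a translated (port-forward) state
        if "SYN_SENT" in row["state"] and row["pkts_second"] == 0:
            # Client off-subnet, target on-subnet: the reply leaves via the
            # target's own default gateway unless that is the firewall.
            row["return_path_risk"] = host(row["dst"]) in net and host(row["src"]) not in net
            hits.append(row)
    return hits

SAMPLE = [
    # Row quoted in the thread.
    "WAN tcp 117.194.164.23:61059 -> 172.20.0.4:6540 (172.20.0.250:6540) CLOSED:SYN_SENT 2 / 0 104 B / 0 B",
    # Constructed rows: a forward that was answered, and a state with no translation.
    "WAN tcp 203.0.113.9:50000 -> 172.20.0.4:6540 (172.20.0.250:6540) ESTABLISHED:ESTABLISHED 10 / 8 1 KiB / 2 KiB",
    "WAN tcp 172.20.0.250:44321 -> 198.51.100.7:443 ESTABLISHED:ESTABLISHED 5 / 5 400 B / 900 B",
]

if __name__ == "__main__":
    for hit in unanswered_forwards(SAMPLE, "172.20.0.0/24"):
        print(hit["src"], "->", hit["dst"], "return_path_risk =", hit["return_path_risk"])
```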

