Netgate Discussion Forum

    Azure cloud pfsense portforward not working

    • sandeepvkm

      Hi,
      Port forward is not working in Azure cloud.
      The error showing in Diagnostics > States is "WAN tcp 117.194.164.23:61059 -> 172.20.0.4:6540 (172.20.0.250:6540) CLOSED:SYN_SENT 2 / 0 104 B / 0 B"
      Forwarded port: TCP-6540
      Checking WAN IP: 117.194.164.23
      Error showing: SYN_SENT:CLOSED
      Note: the Azure pfSense WAN NSG and pfSense rules are correctly configured.
      Please find the screenshots below for more details: WAN RULE.JPG, STATUS STATE.JPG, PORT FORWARD.JPG

      • Grimeton

        The host you NAT to has the correct routing settings to route everything back through your firewall where the NAT comes from?

        NAT goes hand in hand with routing, so you either proxy this NAT (which will only show the firewall accessing whatever it is there) or you fix the routing on the host that you NAT to...

        • sandeepvkm

          Hi,

          The Azure pfSense has only one NIC.
          WAN and LAN IP: 172.20.0.250
          Subnet: 172.20.0.0/24

          Redirect target IP (VM): 172.20.0.4
          Port: TCP 6540

          Enabled port forward, firewall policy and Azure NSG rule.
          Not enabled any outbound NAT (1:1, outbound, NPt).

          Please let me know if we need to enable any outbound NAT rule for the same?

          Capture.JPG

          • Grimeton

            No, you gotta tell the box on 127.20.0.4 to use pfSense as a gateway so that it sends the requests coming from the port forwarding back through the machine they came from.

            Alternative would be to enable outbound (src) NAT for all packets going towards .4 port 6540 to the firewall's IP. That way you're on the same subnet and .4 doesn't care.

            The downside is that everything comes from pfSense and you do not know the real IP that tries to access .4.

            cu
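
The return-path reasoning in the replies above, as an added example that is not part of the original thread: it parses the state line quoted in the first post and reports whether the target's reply would pass back through pfSense. Assumptions: the second packet counter is the reply direction, the target's current default gateway is 172.20.0.1 (a value not given in the thread), and the function names and verdict labels are hypothetical.

```python
import ipaddress
import re

# Layout of the Diagnostics > States line quoted in the first post.
STATE_RE = re.compile(
    r"(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>[\d.]+):\d+\s+->\s+"
    r"(?P<dst>[\d.]+):\d+\s+\((?P<orig>[\d.]+):\d+\)\s+"
    r"(?P<state>\S+)\s+(?P<fwd>\d+)\s*/\s*(?P<rev>\d+)"
)

def return_path(src_seen_by_target, fw_ip, subnet, target_gw):
    """Where the target sends its SYN-ACK for the source address it sees."""
    src = ipaddress.ip_address(src_seen_by_target)
    fw = ipaddress.ip_address(fw_ip)
    if src == fw:
        return "via-firewall"       # outbound (src) NAT to the firewall's IP
    if src in ipaddress.ip_network(subnet):
        return "direct-on-link"     # answered straight to a same-subnet host
    if ipaddress.ip_address(target_gw) == fw:
        return "via-firewall"       # pfSense is the target's gateway
    return "via-other-gateway"      # reply leaves without passing pfSense

def diagnose(line, fw_ip, subnet, target_gw):
    """Classify one state line: healthy, target-silent or asymmetric-return."""
    m = STATE_RE.search(line)
    if m is None:
        return "unparsed"
    # Stalled handshake: SYN forwarded, nothing counted in the reply direction.
    stalled = "SYN_SENT" in m["state"] and int(m["rev"]) == 0
    if not stalled:
        return "healthy"
    path = return_path(m["src"], fw_ip, subnet, target_gw)
    if path == "via-firewall":
        return "target-silent"      # routing is fine; check the service itself
    return "asymmetric-return:" + path

# State line from the first post.
PAGE_LINE = ("WAN tcp 117.194.164.23:61059 -> 172.20.0.4:6540 "
             "(172.20.0.250:6540) CLOSED:SYN_SENT 2 / 0 104 B / 0 B")
# Constructed sample of a working forward (documentation address as client).
CONSTRUCTED_OK = ("WAN tcp 198.51.100.7:50000 -> 172.20.0.4:6540 "
                  "(172.20.0.250:6540) ESTABLISHED:ESTABLISHED 12 / 10 1 KiB / 2 KiB")
FW_IP, SUBNET = "172.20.0.250", "172.20.0.0/24"   # values from the thread
ASSUMED_GW = "172.20.0.1"                         # assumption, not from the thread

if __name__ == "__main__":
    print("as posted:          ", diagnose(PAGE_LINE, FW_IP, SUBNET, ASSUMED_GW))
    print("gateway = pfSense:  ", return_path("117.194.164.23", FW_IP, SUBNET, FW_IP))
    print("src NAT to firewall:", return_path(FW_IP, FW_IP, SUBNET, ASSUMED_GW))
    print("constructed healthy:", diagnose(CONSTRUCTED_OK, FW_IP, SUBNET, ASSUMED_GW))
```

Both fixes described in the last reply make `return_path` come out as `via-firewall`; only the source-NAT variant hides the real client address from the target.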
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.