Azure cloud pfsense portforward not working

sandeepvkm

Hi,
Port forward not working in azure cloud.
error showing in diagnostics > states is " WAN tcp 117.194.164.23:61059 -> 172.20.0.4:6540 (172.20.0.250:6540) CLOSED:SYN_SENT 2 / 0 104 B / 0 B"
Forwarded port : TCP-6540
Checking wan IP- 117.194.164.23
Error showing- SYN_SENT:CLOSED
Note- Azure pfsnese wan NSG and pfsense rules are correctly configured.
please find the screenshot below for more details

Grimeton

The host your NAT to has the correct routing settings to route everything back through your firewall where the NAT comes from?

NAT goes hand in hand with routing so you either proxy this NAT (which will only show the firewall accessing whatever it is there) or you fix the routing on the host that you nat to...

sandeepvkm

Hi ,

Azure Pfsense have only one NIC.
WAN and LAN IP- 172.20.0.250
Subnet- 172.20.0.0/24

Redirect target IP(vm)- 172.20.0.4
Port-TCP 6540

enable portforward, firewall policy and Azure NSG rule.
not enabled any outbound NAT.(1:1, outbound, Npt)

Please let me know we need to enable any outbound NAT rule for the same?

Grimeton

No, you gotta tell the box on 127.20.0.4 to use pfSense to as a gateway so that it sends back the requests coming from the port forwarding back through the machine it came from.

Alternative would be to enable outbound (src) nat for all packets going towards .4 port 6540 to the firewall's IP. that way you're on the same subnet and .4 doesn't care.

The downside is that everything comes from pfSense and you do not know the real IP that tries to access .4.

cu