Port forwarding from internal LAN and WAN
-
Good day. I have installed pfsense 2.4.5 on our environment. The scenario is: we have a private network and configured the LAN port with the following private IP address: 10...7. The other port is connected to an ISP router with the WAN port with the following IP address: 10...5. I want to open ports or enable port forwarding for port 22 and 443.
I have tried, but when testing the port I receive a connection failure.
You don't need to obfuscate private IP addresses, as this could cause confusion.
So WAN 10...7 and LAN 10...5 ...no idea if this means you have the same subnet on WAN and LAN. This would cause several big issues anyway. If your pfSense WAN is RFC1918 you are usually using double NAT, which means you need to forward the port from your upstream ISP router to the pfSense WAN IP first. pfSense can't open ports if no incoming traffic hits WAN...
Now here comes the CAUTION part: It can be VERY dangerous to open management ports like SSH or HTTP(S) on WAN. Better put this stuff behind a VPN.
-Rico
-
@Rico Thanks for the feedback. To be clear, it's two different subnets. LAN is 10.100.100.7 and WAN is 10.20.20.5. LAN is our environment and WAN is from the ISP. We have asked the ISP to open ports. So I want to open ports so we can get a connection on port 22.
-
You get 10.20.20.5 from your ISP via DHCP? You will never be able to connect to this IP from the Internet as this is RFC1918 private address space.
Maybe they can provide you a real public IPv4 or forward some ports from a public IP they own to your private WAN IP 10.20.20.5...but this is totally up to the ISP, pfSense can't really help you there.
-Rico
-
@Rico. We got a new router. The WAN IP is static and 192.168.2.150 and the LAN is 10.100.100.7. The ISP has confirmed it has opened port 22 and port 443 on the router. Now I want to open port 22 and port 443 on the pfsense.
-
Just follow the official guide here https://docs.netgate.com/pfsense/en/latest/nat/forwarding-ports-with-pfsense.html
-Rico
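
Added example, not part of the thread or of pfSense: a small Python check for the two conditions raised above, a WAN/LAN subnet overlap and an RFC1918 WAN address that implies double NAT. The function name is hypothetical, the /24 prefix lengths are assumptions (the thread gives no masks), and the last two sample pairs are constructed.

```python
import ipaddress

# RFC 1918 private ranges, the address space named in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_forwarding_path(wan_cidr, lan_cidr):
    """Return (code, message) findings for a firewall's WAN/LAN address pair."""
    wan = ipaddress.ip_interface(wan_cidr)
    lan = ipaddress.ip_interface(lan_cidr)
    findings = []
    # Same subnet on both sides: routing and NAT cannot work as intended.
    if wan.network.overlaps(lan.network):
        findings.append(("overlap",
                         f"WAN {wan.network} and LAN {lan.network} overlap"))
    # Private WAN: traffic from the Internet only arrives if the upstream
    # router forwards the port to this WAN address first (double NAT).
    if any(wan.ip in net for net in RFC1918):
        findings.append(("double-nat",
                         f"WAN {wan.ip} is RFC1918; the upstream router must "
                         f"forward the port to {wan.ip} before any local "
                         f"port forward can match"))
    else:
        findings.append(("not-rfc1918",
                         f"WAN {wan.ip} is outside RFC1918 space"))
    return findings


if __name__ == "__main__":
    samples = [
        ("10.20.20.5/24", "10.100.100.7/24"),     # addresses from the thread
        ("192.168.2.150/24", "10.100.100.7/24"),  # addresses from the thread
        ("10.100.100.5/24", "10.100.100.7/24"),   # constructed overlap case
        ("203.0.113.10/24", "10.100.100.7/24"),   # constructed, documentation range
    ]
    for wan, lan in samples:
        for code, message in check_forwarding_path(wan, lan):
            print(f"{wan} / {lan}: [{code}] {message}")
```

Both WAN addresses from the thread come back as `double-nat`, so a port test from the Internet fails until the upstream router forwards 22 and 443 to the WAN address.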