Netgate Discussion Forum

    Incoming firewall port wrong

      playford

      Hi All,

      I have a new pfSense install and on an external machine, if I type the port at the end of an address, the port I see at the firewall is completely different.

      How do I set it not to change the incoming port?

      Many Thanks
      Mark

        viragomann

        No idea, what you see here, but pfSense doesn't change incoming ports, except by NAT rules you've manually added.

          playford

          This is the bit I can't understand. I am replacing a WatchGuard that was working perfectly and have now put an HA Netgate setup in its place. It is showing a completely different port in the incoming port from my external IP of my home machine to my work machine.

          I can't understand why it was working fine but now isn't. Not sure if it has something to do with HA.

          Many Thanks
          Mark

            playford

            Thanks for the reply btw.

            Thinking, I might ring my ISP!

              viragomann

              Can you explain what you mean with the help of a screenshot?

                playford @viragomann

                @viragomann

                Here are some screens:
                My Browser at home:
                2020-08-19_23h06_37.png

                Firewall log:
                2020-08-19_23h07_09.png

                Firewall rule:
                2020-08-19_23h05_57.png

                  viragomann @playford

                  @playford
                  You have specified the source port in the firewall rule. I doubt that the application sends from a static port.
                  So the source port should be any in the rule to pass the packets.

                    playford @viragomann

                    @viragomann Thanks for that.

                    OK, let me explain what I want to do.

                    I need to forward a couple of ports to an internal server. One is the VPN server on one port and another is the port I showed.

                    I want to forward to an internal subnet but I won't know the external IP as it's my clients at home. I followed the port forward instructions but it's not working. This was working fine with the WatchGuard but now doesn't with the Netgate.

                    Many Thanks
                    Mark

                      viragomann

                      Okay, so you can specify the source IP, but set the source port to any.
                      You only have to state the destination port and forward it to whatever you want.

                      Read the doc again:

                      The source port range when using TCP and/or UDP, and will almost always be “any”. The source port is not the same as the destination port, and is normally a random port between 1024-65535.

                      https://docs.netgate.com/pfsense/en/latest/nat/forwarding-ports-with-pfsense.html

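The mistake resolved in the reply above, as an added example that is not part of any post or of the pfSense documentation: a simplified rule matcher showing why a rule with a pinned source port drops clients that connect from ephemeral ports. The `Rule` and `Packet` classes, the rule names, port numbers and addresses are constructed for illustration and are not pfSense's rule format.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Rule:                       # hypothetical stand-in for a pass/forward rule
    name: str
    proto: str
    dst_port: int
    src_port: Optional[int] = None  # None means "any"

@dataclass(frozen=True)
class Packet:                     # one inbound connection attempt on WAN
    proto: str
    src_ip: str
    src_port: int                 # chosen by the client OS, normally 1024-65535
    dst_port: int

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto == pkt.proto
            and rule.dst_port == pkt.dst_port
            and rule.src_port in (None, pkt.src_port))

def diagnose(rules, packets):
    """List (rule name, client source port) for packets that no rule passes
    but that a rule would pass if its source port were set to 'any'."""
    findings = []
    for pkt in packets:
        if any(matches(r, pkt) for r in rules):
            continue
        for r in rules:
            if r.src_port is not None and matches(replace(r, src_port=None), pkt):
                findings.append((r.name, pkt.src_port))
    return findings

# Constructed rules: "app" repeats the destination port as the source port.
RULES = [Rule("vpn", "udp", 1194), Rule("app", "tcp", 8443, src_port=8443)]
# Corrected set: every source port left as "any".
FIXED = [replace(r, src_port=None) for r in RULES]

# Constructed traffic from documentation address ranges.
PACKETS = [
    Packet("udp", "203.0.113.7", 40211, 1194),
    Packet("tcp", "203.0.113.7", 51514, 8443),
    Packet("tcp", "198.51.100.9", 62033, 8443),
    Packet("tcp", "198.51.100.9", 50100, 22),   # no rule at all for this port
]

if __name__ == "__main__":
    for name, sport in diagnose(RULES, PACKETS):
        print(f"rule {name!r}: dropped client source port {sport}; set source port to any")
```
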
                        playford @viragomann

                        @viragomann Yep, you are right.

                        I have the first one working, which is the VPN. Now to try and fix the rest of them.

                        Thank you so much for your help. I really thought I read that doc, front to back multiple times, but didn't see that.

                          viragomann @playford

                          @playford
                          Seems to be a widespread beginner's mistake, because some other firewalls do not have an option to specify the source port in NAT rules. Therefore it is typed in bold letters in the doc.

                            playford @viragomann

                            @viragomann Thanks again. Really happy to have help so quickly. Glad to be away from the WatchGuard as well.
