Netgate Discussion Forum
    NAT Port Forwarding and associated rule(s) help

    • N8LBV

      Hi,
      I am having difficulty getting my head around port forwarding and the
      associated rule creation.
      It creates a rule that cannot be edited afterward.

      What I actually need are "multiple associated rules"
      Or to be able to have the port forward in place but also have
      multiple inbound rules work with it.

      I'm failing to figure this out on my own in short time.

      I create the port forward and then create multiple pass rules
      but they do not work with the port forward.

      Clicking on "pass" for the associated rules seems to do what is expected.
      It allows any address to pass with the port forward.
      The default when creating a port forward is that it creates an associated rule that allows anything to pass as well and seems to be the same thing.

      I'm confused as heck.

      And what I need is a number of rules to allow a list of remote networks to use the port forward.

      But it seems that I can only specify ONE rule or all.
      I've tried a number of things and I reset the firewall states each time I try
      just to be sure.

      Any help on how to do this would be appreciated!

      I must be missing something really simple!
      I will report back if I figure it out.
      Thanks!

      Steve

      I feel more like I do now.

      • Derelict LAYER 8 Netgate

        Most people make an Alias containing the list of source networks they wish to allow and use that as the source of the port forward.

        If you don't want to do that just don't make an associated filter rule for the port forward and make your own rules passing the desired traffic to the NAT host.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • akuma1x

          Don't forget that there's a helpful pfsense doc for troubleshooting port forwards:

          https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html

          Jeff

          • N8LBV

            Thanks.
            I'll give that a try and pretty sure that was the read I was already on.
            But short on time today.
            I think I was already trying to make my own rules..
            But I may have only been trying from the WAN side and not
            centering around the NAT host as you mention.
            I think I was taking the wrong approach.
            Was rushed a bit.
            Now I have some time to read and try again.
            Thanks!!
            Great pointers!

            I feel more like I do now.

            • akuma1x @Derelict

              @Derelict said in NAT Port Forwarding and associated rule(s) help:

              Most people make an Alias containing the list of source networks they wish to allow and use that as the source of the port forward.

              @N8LBV And to expand on this concept a little bit, you can also create an alias of all the ports, or port ranges, that you want to allow, then use that alias in a NAT rule or firewall rule.

              Jeff
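
An added example, not part of any post in this thread and not output generated by pfSense: a hand-written pf.conf-style sketch of the two approaches suggested above (an alias as the source of the port forward, or no associated rule plus your own pass rules to the NAT host), with a port list as in the last reply. The interface name, addresses, ports and table name are constructed placeholders.

```pf
# Constructed placeholders (assumptions, not values from the thread)
wan_if    = "igb0"
nat_host  = "192.168.1.10"
fwd_ports = "{ 443, 8443 }"      # plays the role of a ports alias

# Plays the role of the alias listing the allowed source networks
table <allowed_remotes> { 198.51.100.0/24, 203.0.113.0/24 }

# --- Approach 1: alias as the source of the port forward ---------------
# Only traffic from the listed networks is translated at all.
rdr on $wan_if inet proto tcp from <allowed_remotes> \
    to ($wan_if) port $fwd_ports -> $nat_host

# Translation is applied before filtering, so the pass rule must match
# the internal NAT host as destination, not the WAN address.
pass in quick on $wan_if inet proto tcp from <allowed_remotes> \
    to $nat_host port $fwd_ports

# --- Approach 2: unrestricted forward, several manual pass rules -------
# Use this INSTEAD of approach 1: the forward has no source restriction
# and no associated rule, and the filter rules decide who gets through.
# rdr on $wan_if inet proto tcp from any \
#     to ($wan_if) port $fwd_ports -> $nat_host
# pass in quick on $wan_if inet proto tcp from 198.51.100.0/24 \
#     to $nat_host port $fwd_ports
# pass in quick on $wan_if inet proto tcp from 203.0.113.0/24 \
#     to $nat_host port $fwd_ports

# --- Rule that never matches forwarded traffic -------------------------
# After the rdr the destination is already $nat_host, so a rule written
# "from the WAN side" does not pass the forwarded connection:
# pass in quick on $wan_if inet proto tcp from <allowed_remotes> \
#     to ($wan_if) port $fwd_ports
```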

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.