NAT Port Forwarding and associated rule(s) help



  • Hi,
    I am having difficulty getting my head around port forwarding and the
    associated rule creation.
    It creates a rule that cannot be edited afterward.

    What I actually need are "multiple associated rules"
    Or to be able to have the port forward in place but also have
    multiple inbound rules work with it.

    I'm failing to figure this out on my own in short time.

    I create the port forward and then create multiple pass rules
    but they do not work with the port forward.

    Clicking on "pass" for the associated rules seems to do what is expected.
    It allows any address to pass with the port forward.
    The default when creating a port forward is that it creates an associated rule that allows anything to pass as well and seems to be the same thing.

    I'm confused as heck.

    And what I need is a number of rules to allow a list of remote networks to use the port forward.

    But it seems that I can only specify ONE rule or all.
    I've tried a number of things and I reset the firewall states each time I try
    just to be sure.

    Any help on how to do this would be appreciated!

    I must be missing something really simple!
    I will report back if I figure it out.
    Thanks!

    Steve


  • LAYER 8 Netgate

    Most people make an Alias containing the list of source networks they wish to allow and use that as the source of the port forward.

    If you don't want to do that just don't make an associated filter rule for the port forward and make your own rules passing the desired traffic to the NAT host.



  • Don't forget that there's a helpful pfSense doc for troubleshooting port forwards:

    https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html

    Jeff



  • Thanks.
    I'll give that a try and pretty sure that was the read I was already on.
    But short on time today.
    I think I was already trying to make my own rules.
    But I may have only been trying from the WAN side and not
    centering around the NAT host as you mention.
    I think I was taking the wrong approach.
    Was rushed a bit.
    Now I have some time to read and try again.
    Thanks!!
    Great pointers!



  • @Derelict said in NAT Port Forwarding and associated rule(s) help:

    Most people make an Alias containing the list of source networks they wish to allow and use that as the source of the port forward.

    @N8LBV And to expand on this concept a little bit, you can also create an alias of all the ports, or port ranges, that you want to allow, then use that alias in a NAT rule or firewall rule.

    Jeff
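
The two approaches from the replies above, as an added example that is not part of the original thread: a simplified Python model of how a WAN packet is handled, relying on the fact that pfSense applies the port forward before it evaluates the WAN firewall rules. All addresses, ports, and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
WAN_IP = ipaddress.ip_address("192.0.2.10")
NAT_HOST = ipaddress.ip_address("10.0.0.20")
ANY = [ipaddress.ip_network("0.0.0.0/0")]
REMOTE_NETS = [ipaddress.ip_network(n)            # source alias
               for n in ("198.51.100.0/24", "203.0.113.0/24")]
FWD_PORTS = {443, 8443}                           # port alias


def in_alias(addr, nets):
    return any(addr in net for net in nets)


def port_forward(src, dst, port, fwd_sources):
    """Rewrite the destination to the NAT host when the forward matches."""
    if dst == WAN_IP and port in FWD_PORTS and in_alias(src, fwd_sources):
        return NAT_HOST
    return dst


def filter_pass(src, dst, port, rules):
    """WAN filter rules: first match passes, anything unmatched is blocked."""
    return any(in_alias(src, r["src"]) and dst == r["dst"] and port in r["ports"]
               for r in rules)


def reaches_nat_host(src, port, fwd_sources, rules):
    """NAT runs first, so the filter sees the translated destination."""
    src = ipaddress.ip_address(src)
    dst = port_forward(src, WAN_IP, port, fwd_sources)
    return dst == NAT_HOST and filter_pass(src, dst, port, rules)


# Option 1: alias as the port forward source; the associated rule mirrors it.
ASSOCIATED = [{"src": REMOTE_NETS, "dst": NAT_HOST, "ports": FWD_PORTS}]
# Option 2: forward from any source, no associated rule, hand-written rules
# (one per remote network) that pass traffic to the NAT host.
MANUAL = [{"src": [n], "dst": NAT_HOST, "ports": FWD_PORTS} for n in REMOTE_NETS]
# Rules written against the WAN address never match after translation.
WAN_SIDE = [{"src": REMOTE_NETS, "dst": WAN_IP, "ports": FWD_PORTS}]

if __name__ == "__main__":
    for name, fwd, rules in (("alias on forward", REMOTE_NETS, ASSOCIATED),
                             ("manual rules", ANY, MANUAL),
                             ("WAN-side rules", ANY, WAN_SIDE)):
        print(name, [reaches_nat_host(s, 443, fwd, rules)
                     for s in ("198.51.100.7", "203.0.113.9", "192.0.2.99")])
```

The third rule set shows why hand-written pass rules with the WAN address as destination have no effect on a port forward: by the time the filter runs, the destination is already the NAT host.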

