Port Forward Not Working 2.5.1 (Not Multi-WAN)
-
Hi, I am running a Wireguard server at 192.168.1.10 (it's a box that holds my Docker deployments)and I am able to use it perfectly fine when I'm in the internal network. However, when I go out of my network (using cellular data on my Android phone) the packets never arrived at the Wireguard server.
I have confirmed via sniffing that Wireguard packets of the correct port (51820) arrived at WAN but not showing up at LAN. The logs are captured at pfSense itself.
Here's my Port Forward configurations.
I couldn't find out what was the problem. Anyone can help to check what did I miss or did wrong?
Thanks in advance!
-
@klystrom Are they being blocked by WAN? Check your firewall log.
-
@kom Hi indeed they are... My bad for not checking the Firewall logs
But I don't see this default deny rule anywhere in my WAN nor LAN Firewall rules. Except for the default 2 in WAN.
Can you advise where should I look for it?
-
Alright found it.
Apparently I had to add another rule to allow this ON TOP of the rule that was auto generated by the Port Forward entry.
Not sure if this is a bug? But anyway, issue has been resolved.
-
@klystrom When you forward through to another server on LAN, the Destination should be the LAN IP of the server. For local services handled by pfSense, Destination is usually WAN address.
-
Yeah, the Destination of the automatically created rule is incorrect and should be 192.168.1.10, as you found out. Odd that it was created with the LAN address of the firewall as destination, unless your port forward rule was originally created that way and the firewall rule wasn't automatically updated when the NAT rule was.