Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Port Forward Not Working 2.5.1 (Not Multi-WAN)

    Scheduled Pinned Locked Moved NAT
    6 Posts 3 Posters 734 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      klystrom
      last edited by

      Hi, I am running a Wireguard server at 192.168.1.10 (it's a box that holds my Docker deployments)and I am able to use it perfectly fine when I'm in the internal network. However, when I go out of my network (using cellular data on my Android phone) the packets never arrived at the Wireguard server.

      I have confirmed via sniffing that Wireguard packets of the correct port (51820) arrived at WAN but not showing up at LAN. The logs are captured at pfSense itself.

      Here's my Port Forward configurations.

      38d775f5-abfd-4bff-b8e0-e9accc847795-image.png
      0ee0d290-bb36-487c-bee5-1c39156b8e1d-image.png
      48de92ee-a058-4695-af74-3ced83196ff1-image.png

      I couldn't find out what was the problem. Anyone can help to check what did I miss or did wrong?

      Thanks in advance!

      KOMK 1 Reply Last reply Reply Quote 0
      • KOMK
        KOM @klystrom
        last edited by

        @klystrom Are they being blocked by WAN? Check your firewall log.

        K 1 Reply Last reply Reply Quote 1
        • K
          klystrom @KOM
          last edited by

          @kom Hi indeed they are... My bad for not checking the Firewall logs

          321d76bf-e80e-4639-83db-6b1d7f220060-image.png

          But I don't see this default deny rule anywhere in my WAN nor LAN Firewall rules. Except for the default 2 in WAN.

          Can you advise where should I look for it?

          K 1 Reply Last reply Reply Quote 0
          • K
            klystrom @klystrom
            last edited by

            Alright found it.

            Apparently I had to add another rule to allow this ON TOP of the rule that was auto generated by the Port Forward entry.

            afcb4156-e271-41e9-86d3-2d0cf7e893c1-image.png

            Not sure if this is a bug? But anyway, issue has been resolved.

            KOMK C 2 Replies Last reply Reply Quote 0
            • KOMK
              KOM @klystrom
              last edited by

              @klystrom When you forward through to another server on LAN, the Destination should be the LAN IP of the server. For local services handled by pfSense, Destination is usually WAN address.

              1 Reply Last reply Reply Quote 0
              • C
                clarknova @klystrom
                last edited by

                Yeah, the Destination of the automatically created rule is incorrect and should be 192.168.1.10, as you found out. Odd that it was created with the LAN address of the firewall as destination, unless your port forward rule was originally created that way and the firewall rule wasn't automatically updated when the NAT rule was.

                db

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.