    Port Forward not working to static IP (multi-WAN)

    snewby

      I've been pulling my hair out over the last few days trying to get this to work. First off, a little background. We have a multi-WAN setup. I'm trying to get a remote desktop gateway server accessible from the internet on our second WAN. We have AT&T business fiber and purchased a static IP block for this purpose. First off, AT&T has a weird setup for this with their "public subnet hosts" option in their modem/router. I really thought the issue was there but I had a long support call with them and they say the modem is configured correctly. The first static IP in our block is assigned to our secondary WAN interface and that is working perfectly fine. I also have an OpenVPN instance connecting to that IP and this also works. The issue is when I try and use the next IP in our block and port-forward this to a remote desktop gateway server behind the firewall. I create a NAT port-forward rule as usual but it does not work and I can't see any reason why it wouldn't. Maybe it is related to having a multi-WAN setup? The rule for OpenVPN on this WAN works fine but that is not a NAT port-forward. Below are my firewall rules; for security reasons I have blanked out the full IPs. I'm also including my LAN rules in case there is any issue there. Any help is appreciated.


        dotdash @snewby

        @snewby
        If you're not on 2.5.2, update. There was a bug with port forwards on the non-default WAN in 2.5.1. As always, make a backup of the config, have a copy of the previous install media, and be prepared to install from scratch if the upgrade goes south...

          snewby @dotdash

          @dotdash oh, I didn't realize 2.5.1 still had that bug, thought that was only in 2.5.0. We are not on the latest release so I will try that upgrade this weekend and report back if that resolves our issue.

            snewby

            Wanted to post a quick follow-up to say this is now working, thanks @dotdash for the info on the update! In our case though we also needed to add "virtual IPs" and specifically IP Alias before the port forwarding rules would work. We have a static IP block from our ISP and it wasn't clear from the documentation that the IP aliases were required. I had thought I could just create NAT rules with the static IP as the destination but apparently it has to be set up as an IP alias first, maybe so it's bound to the interface? Not sure but I wanted to leave that info here in case anyone else has the same question.

              viragomann @snewby

              @snewby said in Port Forward not working to static IP (multi-WAN):

              I had thought I could just create NAT rules with the static IP as the destination

              This requires that the additional IPs are routed to your primary WAN IP.
              If this is not the case you have to assign them as virtual IPs, otherwise the packets never reach your WAN on L2 base.

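The rule stated in the last two posts, written out as an added check that is not part of the original thread: a port-forward destination inside the WAN subnet is only reachable if the firewall owns it (interface address or virtual IP, so it answers ARP), while a destination outside that subnet has to be routed to the WAN address by the ISP. The function names, rule format and documentation-range addresses are constructed for illustration and do not come from pfSense.

```python
import ipaddress

def classify_forward_dest(dest, wan_iface, vips=()):
    """Say how packets for a port-forward destination IP can reach the WAN.

    dest      -- external (destination) IP of the port forward
    wan_iface -- WAN interface address with prefix, e.g. "198.51.100.1/29"
    vips      -- addresses configured as virtual IPs (IP Alias) on that WAN
    """
    dest = ipaddress.ip_address(dest)
    iface = ipaddress.ip_interface(wan_iface)
    owned = {iface.ip} | {ipaddress.ip_address(v) for v in vips}
    if dest in owned:
        return "ok"                    # firewall answers ARP for this address
    if dest in iface.network:
        return "needs-vip"             # on-link, but nobody answers ARP for it
    return "needs-upstream-route"      # off-link: ISP must route it to the WAN IP

def lint_port_forwards(rules, wan_iface, vips=()):
    """Return (description, verdict) for every rule whose verdict is not 'ok'."""
    findings = []
    for rule in rules:
        verdict = classify_forward_dest(rule["dest"], wan_iface, vips)
        if verdict != "ok":
            findings.append((rule["descr"], verdict))
    return findings

# Constructed sample: first IP of the block on WAN2, forward targets the next IP.
WAN2 = "198.51.100.1/29"
RULES = [
    {"descr": "forward on WAN2 address", "dest": "198.51.100.1"},
    {"descr": "RD Gateway on next IP", "dest": "198.51.100.2"},
    {"descr": "forward on routed block", "dest": "203.0.113.10"},
]

if __name__ == "__main__":
    print("without VIP:", lint_port_forwards(RULES, WAN2))
    print("with VIP:   ", lint_port_forwards(RULES, WAN2, vips=["198.51.100.2"]))
```
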