Port forwarding help

zer0vini · Jan 15, 2024, 6:35 PM

Hello guys! Newbie here.

I managed to access pfSense's GUI via WAN address by a firewall rule, and now I'm trying to make a NAT port forwarding rule so I can remotely access a server connected to pfSense via LAN. My NAT rule configuration is:

WAN interface
TCP protocol
Default Source
Destination:

Any type
Destination port from 8800 to 8800
Redirect to 192.168.2.49
Redirect port to 8800

Let it be known that I'm trying to access this server via Windows' remote desktop, hence why I'm not using HTTP/S ports.

When I manage to access said IP with said port, I can't manage to have any access to my server, even though I've checked both NAT rule and firewall rule built after NAT was stablished, and I can't seem to find anything wrong with it. Can someone help me with this? Is there also a way I can keep my port forwarding as normal and keep accessing the GUI via WAN? I'm not an expert in network rules and services, so any advice is appreciated.

Thanks!

viragomann · Jan 15, 2024, 7:00 PM

@zer0vini said in Port forwarding help:

Any type
Destination port from 8800 to 8800
Redirect to 192.168.2.49
Redirect port to 8800

Let it be known that I'm trying to access this server via Windows' remote desktop, hence why I'm not using HTTP/S ports.

It doesn't matter, which port you are using at all. However, is the server even listening on port 8800?

Maybe the access succeed if you state "WAN address" for the destination in the NAT rule.

Is there also a way I can keep my port forwarding as normal and keep accessing the GUI via WAN?

As long as you use different ports on WAN for both services, you can access them independently.

However, it's basically a bad idea at all to expose either of these services to the internet!
You should better run a VPN server and access them over a secure connection.

zer0vini · Jan 15, 2024, 7:25 PM

@viragomann Thanks for the info! I think I was fooling myself with the idea of being able to access both GUI and the server with the same WAN address, but thankfully, I have a second WAN connection for load balancing and failover functions. I get the idea of using a VPN for security purposes, but for now, I'm using some dummy equipments to understand the concept a bit better before trying any DDNS/VPN alternatives.

I'll try doing this same thing but with the second WAN connection and see if it works.

viragomann · Jan 15, 2024, 8:25 PM

@zer0vini
You can access both services on a single WAN IP, but they have to use different ports.

You didn't mention, which port is used for the web gui, so I don't know if it would work with your set up.

zer0vini · Jan 15, 2024, 8:29 PM

@viragomann I'm using "Any" as port config for accessing the GUI via WAN. Indeed, I need to state a specific port so I can access more than one interface via WAN. Thanks for reminding me of that!

zer0vini · Jan 16, 2024, 4:17 PM

This post is deleted!