Netgate Discussion Forum

    Port forwarding problem

    2.0-RC Snapshot Feedback and Problems - RETIRED
    12 Posts 5 Posters 4.4k Views
      krisken

      Hi there!

      I want to forward any traffic on port 10022 on the WAN side of my pfsense router (IP = 10.2.0.2 on WAN - IP 10.0.0.1 on LAN) to my SMS gateway (10.0.0.10 IP on LAN) on port 22.

      I've tried this using NAT, but it doesn't work at all…

      http://krisken.dommel.be/pfsense/portforward.jpg

        beppo

        I guess you have to adjust the rule to src ports ANY and dest ports 10022.

          Guest

          Howdy, I'm still kinda new to this, but I believe you need to change your source ports to any, your destination address to your WAN, and your destination ports to 10022.

          This will change your rule to say any traffic, regardless of source, coming at your WAN from 10022 should be forwarded internally to your system at 10.0.0.10 on port 22.

          If that doesn't help, hold out for someone with more experience, but like I said, I believe that should address your problem.

          Best of luck. =)

            krisken

            Thanks for your help!

            What do I have to set under:

            • protocol TCP (I guess… SSH is TCP)
            • src ports ???
            • Dest address : 10.0.0.10
            • Dest port : 22 (SSH)
            • NAT IP : 10.0.0.10
            • NAT ports : 22 (SSH)

            or... what do I have to change?

              kpa

              Change the source port(s) to any; in 99.99% of TCP connections the source port is a random port in the 1024-65536 range. Also change the destination address to the WAN address, because that's the address the IP packets will be arriving at before address translation.

                krisken

                So it has to be like this?

                portforward2.jpg

                  jimp Rebel Alliance Developer Netgate

                  What do your firewall rules on WAN look like?

                  If your WAN resides on a private numbered network like 10.x, make sure you have disabled the feature to block inbound traffic from private networks under Interfaces > WAN.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

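The checks raised in kpa's and jimp's replies above, modeled as a small Python sketch. This is an added example, not code from the thread or from pfSense. It assumes a simplified evaluation order (port forward first, then WAN filter rules against the translated destination); the client addresses, source ports and all function names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Simplified stand-in for the "block private networks" option: RFC 1918 only.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

Packet = namedtuple("Packet", "src sport dst dport")
# sport=None means "any"; dst/dport are matched BEFORE translation.
PortForward = namedtuple("PortForward", "dst dport nat_ip nat_port sport", defaults=(None,))

def translate(fwd, p):
    """Return the rewritten packet if the port forward matches, else None."""
    if (p.dst, p.dport) != (fwd.dst, fwd.dport):
        return None
    if fwd.sport is not None and p.sport != fwd.sport:
        return None
    return p._replace(dst=fwd.nat_ip, dport=fwd.nat_port)

def wan_inbound(p, fwd, pass_rules, block_private):
    """Model of the WAN path: port forward first, then the filter rules."""
    out = translate(fwd, p)
    if out is None:
        return "no port forward matched"
    if block_private and any(ipaddress.ip_address(p.src) in n for n in RFC1918):
        return "dropped by block-private-networks"
    if (out.dst, out.dport) not in pass_rules:
        return "dropped: no WAN pass rule for translated destination"
    return f"forwarded to {out.dst}:{out.dport}"

# Constructed client packets (addresses and ephemeral source ports are assumptions).
private_wan_client = Packet("10.2.0.50", 51514, "10.2.0.2", 10022)
internet_client = Packet("198.51.100.7", 40222, "10.2.0.2", 10022)

as_posted = PortForward("10.0.0.10", 22, "10.0.0.10", 22)            # values listed in the question
pinned_src = PortForward("10.2.0.2", 10022, "10.0.0.10", 22, 10022)  # assumed fixed source port
corrected = PortForward("10.2.0.2", 10022, "10.0.0.10", 22)          # src any, dst = WAN address
PASS = {("10.0.0.10", 22)}  # WAN pass rule written against the internal target

def demo():
    cases = [(internet_client, as_posted, PASS, False),
             (internet_client, pinned_src, PASS, False),
             (private_wan_client, corrected, PASS, True),
             (private_wan_client, corrected, PASS, False),
             (internet_client, corrected, set(), False)]
    return [wan_inbound(*c) for c in cases]

if __name__ == "__main__":
    print("\n".join(demo()))
```
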
                    krisken

                    @jimp:

                    What do your firewall rules on WAN look like?

                    If your WAN resides on a private numbered network like 10.x, make sure you have disabled the feature to block inbound traffic from private networks under Interfaces > WAN.

                    The screenshot above is my WAN connection (Scarletfix and Dommelfix are my 2 ISPs).

                    SMS gateway 10.0.0.10 <-------> 10.0.0.1 pfsense 10.2.0.2 <-------> 10.2.0.1 dommelfix

                      jimp Rebel Alliance Developer Netgate

                      The screenshot gives your port forward entry, not the WAN firewall rules.

                        krisken

                        I see, sorry

                        Here is the screenshot
                        http://krisken.dommel.be/pfsense/rulessh.jpg

                          jimp Rebel Alliance Developer Netgate

                          That looks good too. If you go to Diagnostics > States and filter on the IP trying to ssh while you do it, what shows up?

                            krisken

                            @jimp:

                            That looks good too. If you go to Diagnostics > States and filter on the IP trying to ssh while you do it, what shows up?

                            When I try to connect to the server (noc.it2go.eu port 10022), I get an error "can't connect etc" in PuTTY.
                            But when I connect to 10.0.0.10 port 22, everything goes well.

                            Problem doesn't seem to be pfsense…

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.