Port forwarding



  • on my old linksys router, I was able to set up a web server on my LAN on port 80, then set up port forwarding on the linksys to allow WAN clients to connect to the web server using a non-standard port.  A client would connect to my WAN ip on port 1212.  The linksys did the port conversion from port 1212 to port 80.

    How would I set this up on pfsense and/or m0n0wall?

    I've tried setting up NAT inbound rules such as this:
    Proto  Ext.port  NAT ip          Int.port
      tcp    1212    192.168.1.5    80

    it didn't work.



  • use that nat rule plus this on the wan interface:
    Proto Source Port  Destination    Port    Gateway Description
    TCP    *        *      192.168.1.5    80 (HTTP)  *        NAT



  • if your wan is in a private subnetrange make sure you have "block private subnets" at interfaces>wan disabled.



  • Thanks jeroen234, that did it.
    I was confused with the wording and put 1212 for source port in the firewall rules.  Once I changed it to * it started working.

    I spend a full day looking for this info, both on pfsense & monowall site & forums.  Really should be in a FAQ somewhere.  For those who need to run non-standard ports because their ISP is blocking the standard ones.



  • When creating the NAT just leave the "autocreate firewall rule" option enabled. It will set up the correct rules for you automatically.



  • When I created the NAT rule, I enabled the "autocreate firewall rule" option.  Thats when it didn't work because it put 1212 under the firewall rules WAN source port.

    What did work for me is the following:

    under Firewall NAT Inbound:
    IF      Proto  Ext Port Range    Nat IP        Int. Port Range  Descripton
    WAN    TCP      1212            192.168.1.5        80                web_server

    under Firewall Rules WAN:
    Proto  Source  Port    Destination    Port    Descripton
    TCP      *          *      192.168.1.5    80    NAT web_server

    This allowed me to have a web server on port 80 on 192.168.1.5 on my LAN,  and allows me to access it via the WAN port (internet) by going to http://www.mydomainname.com:1212

    Thanks for your help…  Unless I'm missing something, I think I'm good for now.



  • I just checked this but it works fine for me. The generated firewallrule is correct.



  • @hoba:

    I just checked this but it works fine for me. The generated firewallrule is correct.

    Confirmed. Auto create rule is functioning properly for me as well.


Locked