Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Port forwarding

    Scheduled Pinned Locked Moved NAT
    8 Posts 4 Posters 3.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      joule
      last edited by

      on my old linksys router, I was able to set up a web server on my LAN on port 80, then set up port forwarding on the linksys to allow WAN clients to connect to the web server using a non-standard port.  A client would connect to my WAN ip on port 1212.  The linksys did the port conversion from port 1212 to port 80.

      How would I set this up on pfsense and/or m0n0wall?

      I've tried setting up NAT inbound rules such as this:
      Proto  Ext.port  NAT ip          Int.port
        tcp    1212    192.168.1.5    80

      it didn't work.

      1 Reply Last reply Reply Quote 0
      • J
        jeroen234
        last edited by

        use that nat rule plus this on the wan interface:
        Proto Source Port  Destination    Port    Gateway Description
        TCP    *        *      192.168.1.5    80 (HTTP)  *        NAT

        1 Reply Last reply Reply Quote 0
        • H
          hoba
          last edited by

          if your wan is in a private subnetrange make sure you have "block private subnets" at interfaces>wan disabled.

          1 Reply Last reply Reply Quote 0
          • J
            joule
            last edited by

            Thanks jeroen234, that did it.
            I was confused with the wording and put 1212 for source port in the firewall rules.  Once I changed it to * it started working.

            I spend a full day looking for this info, both on pfsense & monowall site & forums.  Really should be in a FAQ somewhere.  For those who need to run non-standard ports because their ISP is blocking the standard ones.

            1 Reply Last reply Reply Quote 0
            • H
              hoba
              last edited by

              When creating the NAT just leave the "autocreate firewall rule" option enabled. It will set up the correct rules for you automatically.

              1 Reply Last reply Reply Quote 0
              • J
                joule
                last edited by

                When I created the NAT rule, I enabled the "autocreate firewall rule" option.  Thats when it didn't work because it put 1212 under the firewall rules WAN source port.

                What did work for me is the following:

                under Firewall NAT Inbound:
                IF      Proto  Ext Port Range    Nat IP        Int. Port Range  Descripton
                WAN    TCP      1212            192.168.1.5        80                web_server

                under Firewall Rules WAN:
                Proto  Source  Port    Destination    Port    Descripton
                TCP      *          *      192.168.1.5    80    NAT web_server

                This allowed me to have a web server on port 80 on 192.168.1.5 on my LAN,  and allows me to access it via the WAN port (internet) by going to http://www.mydomainname.com:1212

                Thanks for your help…  Unless I'm missing something, I think I'm good for now.

                1 Reply Last reply Reply Quote 0
                • H
                  hoba
                  last edited by

                  I just checked this but it works fine for me. The generated firewallrule is correct.

                  1 Reply Last reply Reply Quote 0
                  • Y
                    yoda715
                    last edited by

                    @hoba:

                    I just checked this but it works fine for me. The generated firewallrule is correct.

                    Confirmed. Auto create rule is functioning properly for me as well.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.