Netgate Discussion Forum

    Port forward to another interface

      GruensFroeschli

      Can you please clarify from where on which interface you're connecting and what the routes (default gateway) on the pfSense are?

      It is possible, but might require a different approach (source NATing).

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        apant

        Default Gateway is the Opt1 interface and I want to forward port 5555 from Opt1 interface to 192.168.1.254 that is connected to Opt2 interface.

        The Lan interface has 192.168.250.0/24
        The Opt2 Interface has 192.168.1.0/24
        The Opt1 Interface has static pppoe from ISP (default)
        The WAN Interface has static pppoe from ISP (temporarily not used).

          GruensFroeschli

          Ok like this it should just work out of the box.

          Did you follow the port forward troubleshooting guide?

          If you enable logging for the rule allowing the traffic: do you see it in the log? Do you see anything in the log?

            apant

            I can see a pass!

            Jul 12 16:22:32 4CHANNELSMAIL x.x.x.x:36359 192.168.1.254:22 TCP:S

              GruensFroeschli

              If you look at the traffic with tcpdump (or Wireshark on the server), do you see any frames actually going to the server?

                apant

                It is not actually a server but a router. It is a router that makes PPPoE passthrough to the Opt1 interface and port2 of router is connected to Opt2 because my provider wants ssh access to the router and this is why I want the port forward this way.

                  GruensFroeschli

                  Ok my guess would be, that this router might try to answer to the incoming connection directly without sending it back over the pfSense.

                  To avoid this you can enable source NAT on the pfSense:

                  Go to: Firewall --> NAT --> Outbound

                  • Enable manual outbound rule generation
                  • Create a rule:
                  • Interface: OPT2
                  • Source: any
                  • Source port: any
                  • Destination: 192.168.1.254
                  • Destination port: 22
                  • Leave the rest on default (translation on interface address, no static port)

                  Like this all traffic to the ssh server appears as coming from the pfSense --> local traffic.

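The return-path reasoning behind the outbound NAT suggestion above, as an added example that is not part of the original posts: it models where the router at 192.168.1.254 sends its reply, with and without source NAT on OPT2. The pfSense OPT2 address 192.168.1.1 is assumed from the static route mentioned later in the thread; the client address, the second gateway 192.168.1.200 and the three routing tables are constructed for illustration.

```python
import ipaddress as ip

PFSENSE_OPT2 = ip.ip_address("192.168.1.1")   # assumed pfSense OPT2 address
ROUTER = ip.ip_address("192.168.1.254")       # forward target named in the thread
CLIENT = ip.ip_address("203.0.113.10")        # constructed stand-in for the masked x.x.x.x
OPT2_NET = ip.ip_network("192.168.1.0/24")

def as_seen_by_router(client, snat):
    """Source address of the forwarded SYN when it arrives at the router."""
    # The outbound NAT rule on OPT2 rewrites the source to the interface address.
    return PFSENSE_OPT2 if snat else client

def next_hop(routes, dst):
    """Longest-prefix match: returns 'on-link', a gateway address, or None."""
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None                            # "network unreachable"
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return "on-link" if gw is None else gw

def reply_returns_via_pfsense(routes, snat):
    """True if the router's reply goes back to pfSense, where the NAT state
    created by the port forward can reverse the translation."""
    dst = as_seen_by_router(CLIENT, snat)
    hop = next_hop(routes, dst)
    if hop == "on-link":
        return dst == PFSENSE_OPT2
    return hop == PFSENSE_OPT2

# Hypothetical routing tables for the router (gateway None means on-link).
CONNECTED_ONLY = [(OPT2_NET, None)]
DEFAULT_ELSEWHERE = CONNECTED_ONLY + [
    (ip.ip_network("0.0.0.0/0"), ip.ip_address("192.168.1.200"))]
DEFAULT_VIA_PFSENSE = CONNECTED_ONLY + [
    (ip.ip_network("0.0.0.0/0"), PFSENSE_OPT2)]

if __name__ == "__main__":
    tables = [("connected only", CONNECTED_ONLY),
              ("default via another gateway", DEFAULT_ELSEWHERE),
              ("default via pfSense", DEFAULT_VIA_PFSENSE)]
    for name, table in tables:
        for snat in (False, True):
            ok = reply_returns_via_pfsense(table, snat)
            print(f"{name:28} snat={snat!s:5} -> {ok}")
```

With the outbound NAT rule in place, the router's sshd sees every forwarded login as coming from 192.168.1.1, so its logs and any source-address restrictions no longer distinguish the real client; the pfSense firewall log is then the record of the original source.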
                    apant

                    It didn't work

                    :(

                      GruensFroeschli

                      What didn't work?

                      Do you see traffic going to the ssh server?
                      Can you even log into the ssh server locally?
                      --> Did you follow the port forwarding troubleshooting guide?

                        apant

                        I think I found the problem... I will be absolutely sure tomorrow when I speak with my provider.

                        I opened an ssh to the router (192.168.1.254) and I tried to ping 192.168.250.5 (pfsense) and I got network unreachable. Then I saw that the static route 192.168.250.0/24->192.168.1.1 is not working!

                        I think this is the problem. The router cannot send the packets back to pfsense.

                        Tomorrow I will have news.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.