Port forwarding through on a dual wan.



  • Gidday all.

    I've read all over these forums and the wiki for a number of hours now, but I still can't seem to get this right.

    Firstly, I've set up (and have working) a load balanced dual wan connection.
    Both my WAN connections on the pfsense are set to DMZ on each ADSL router.
    I have one computer that I am trying to allow a port into.
    Currently using the "http://www.utorrent.com/testport.php?port=<portnumhere>" page to check incoming ports, but no matter what I put in the Firewall rules, it seems to be blocked each time.

    There's a simple diagram of the network and the port I'm trying to forward is 19040(tcp) to an inside computer with the address 192.168.0.1

    Currently I've got:
    WAN Rules
    ----
    Proto  Source  Port    Destination  Port  Gateway
    TCP  WAN address  *  *  19040  *

    WAN2 Rules

    Proto  Source  Port    Destination  Port  Gateway
    TCP  WAN address  *  *  19040  *

    And

    LAN Rules

    Proto  Source  Port      Destination  Port  Gateway
    TCP  WAN address  *  192.168.0.1  19040  *

    But I still see firewall logs come through saying:
    x  'time'  WAN  200.171.248.180:50699  192.168.1.8:19040  TCP

    Any glaringly obvious mistakes I'm making?

    Regards,
    Omega-00

    P.S. Happy Easter.



  • Just checking, but you did go to NAT, port-forward, and add a rule to fwd port 19040 on the wan to 192.168.0.1 19040, right?
    By nature double-NAT may screw things up, so if bridging the forward-side WAN router is an option, look into it.
    If the app opens multiple ports, you might want to try UPNP also.
    A couple of other points:
    The WAN2 rule should reference WAN2, not WAN.
    You shouldn't need anything special on the LAN tab. (besides the load-balance stuff)
    The WAN rule should have 192.168.0.1 as the destination.
    If you leave the 'autocreate firewall rules' box checked when you create the NAT, that will take care of the firewall rules.



  • Ok, that worked.
    I had forgotten to put the NAT rule in, just created the firewall rules myself. ;D

    WAN  TCP  19040  192.168.0.1 (ext.: 192.168.1.8) 19040

    That made it work and added the appropriate firewall rules too.
    Thanks heaps for that. ;)
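
The fix confirmed above, as an added example that is not part of the original thread: a toy Python model of inbound handling on a pf-based firewall such as pfSense, where a port forward rewrites the destination before the firewall rules are checked. The class and function names are hypothetical; the addresses and port are the ones posted in the thread.

```python
# Added illustration (not pfSense code): NAT port forwards are applied first,
# then filter rules are matched against the translated packet, default deny.
from dataclasses import dataclass, replace
from typing import Optional

WAN_ADDR = "192.168.1.8"   # pfSense WAN address, as posted in the thread
LAN_HOST = "192.168.0.1"   # inside computer, as posted in the thread
PORT = 19040

@dataclass(frozen=True)
class Packet:
    iface: str
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Forward:             # one NAT port-forward entry
    iface: str
    ext_addr: str
    ext_port: int
    target: str
    target_port: int

@dataclass(frozen=True)
class Pass:                # one firewall pass rule; None is the "*" column
    iface: str
    src: Optional[str]
    dst: Optional[str]
    dport: int

def translate(pkt, forwards):
    """Rewrite the destination if a port forward matches, else return as-is."""
    for f in forwards:
        if (pkt.iface, pkt.dst, pkt.dport) == (f.iface, f.ext_addr, f.ext_port):
            return replace(pkt, dst=f.target, dport=f.target_port)
    return pkt

def evaluate(pkt, forwards, rules):
    """Return (verdict, destination the filter rules actually saw)."""
    pkt = translate(pkt, forwards)
    for r in rules:
        if (r.iface == pkt.iface and r.src in (None, pkt.src)
                and r.dst in (None, pkt.dst) and r.dport == pkt.dport):
            return "pass", pkt.dst
    return "block", pkt.dst

# The blocked probe from the posted firewall log line.
PROBE = Packet("WAN", "200.171.248.180", WAN_ADDR, PORT)
# First attempt: no NAT entry, WAN rule with source "WAN address".
ORIGINAL = ([], [Pass("WAN", WAN_ADDR, None, PORT)])
# Working setup: port forward plus a WAN rule whose destination is the LAN host.
FIXED = ([Forward("WAN", WAN_ADDR, PORT, LAN_HOST, PORT)],
         [Pass("WAN", None, LAN_HOST, PORT)])
```

Calling `evaluate(PROBE, *ORIGINAL)` reproduces the logged block against 192.168.1.8, and `evaluate(PROBE, *FIXED)` passes the packet to 192.168.0.1.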

