Netgate Discussion Forum

    Port forwarding only working to /24 addresses

      NoMiT

      Hello all, thanks in advance for reading my question.

      My pfSense setup is on a /16 subnet (the LAN interface is 192.168.1.1/16) with devices ranging from 192.168.0-255.0-255, and they all can use the gateway fine and access the WAN correctly.

      However, I simply do not understand what port forwarding is doing.

      If I forward port 7000 from a WAN address to a device on the LAN (192.168.1.232/16 for example) it will not work, UNLESS I change the subnet on the 192.168.1.232 device to /24.

      Example addresses of Port forwarding working
      192.168.1.232 With a Subnet of 255.255.255.0
      192.168.13.180 With a Subnet of 255.255.255.0

      Example addresses of Port forwarding not working
      192.168.1.232 With a Subnet of 255.255.0.0
      192.168.13.180 With a Subnet of 255.255.0.0

      I have tried different ports/devices and every time it only works if the LAN device is set to a /24 subnet.

      Any ideas?

        marcelloc

        I have NAT configured on /22 networks with no issues. Can you post a screenshot of your NAT rule?

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

          cmb

          What's the source IP of the host you're port forwarding traffic from? Out on the Internet, or on a private network? My first guess is you're forwarding in from a 192.168.x.x network and hosts with a /16 mask see that as a local network, which means the replies won't go anywhere.

            NoMiT

            Thank you guys for the replies. I posted 3 images: one of my LAN interface, one of the port forward, and one of the related rule.

            I am forwarding the port from the WAN address, which is a public-facing IP on a /5 subnet (it is not a 192 address).

            [Attached images: lan.PNG, natportforward.PNG, natrule.PNG]

              marcelloc

              I did not find errors in your config.
              Does your WAN have a valid IP?

                NoMiT

                Yes, it has a valid WAN IP, and I can access the internet via internal devices on both /24 and /16 subnets, but the really odd part is that the port forwards work fine if I change the device to a /24.

                Right now the websites in question are available and being used (because I switched their internal IP to a /24), but it is really annoying to have to segment parts of our internal network for no logical reason.

                  cmb

                  Time to packet capture. Start with the LAN on the firewall, filter on the destination host's IP. If you see it leaving there, go to the target server and capture.

                  1 Reply Last reply Reply Quote 0
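cmb's first guess earlier in the thread (a /16 host treating a 192.168.x.x client as local) can be checked offline. The following is an added example, not code from any poster: it models the LAN host's next-hop decision for its reply, assuming the port forward rewrites only the destination address. The client addresses 192.168.50.10 and 203.0.113.7 and the function names are constructed for illustration.

```python
import ipaddress

FIREWALL_LAN = "192.168.1.1"  # pfSense LAN address given in the thread

def reply_path(host_if, client_src, gateway=FIREWALL_LAN):
    """Classify how a LAN host sends its reply to a forwarded connection.

    host_if    -- host address with prefix or netmask, e.g. "192.168.1.232/16"
    client_src -- source IP the host sees (assumed unchanged by the port
                  forward, which rewrites only the destination)
    """
    iface = ipaddress.ip_interface(host_if)
    client = ipaddress.ip_address(client_src)
    if client in iface.network:
        # Host believes the client is a neighbour: it ARPs for it on the LAN
        # and the reply never passes back through the firewall's NAT state.
        return "on-link"
    if ipaddress.ip_address(gateway) not in iface.network:
        # Default gateway is outside the host's own subnet: no usable route.
        return "no-route"
    return "via-gateway"

def forward_can_complete(host_if, client_src, gateway=FIREWALL_LAN):
    """True only when the reply goes back through the firewall."""
    return reply_path(host_if, client_src, gateway) == "via-gateway"

# Client addresses below are constructed for illustration.
CASES = [
    ("192.168.1.232/255.255.0.0", "192.168.50.10"),
    ("192.168.1.232/255.255.255.0", "192.168.50.10"),
    ("192.168.1.232/255.255.0.0", "203.0.113.7"),
    ("192.168.1.232/255.255.255.0", "203.0.113.7"),
]

if __name__ == "__main__":
    for host_if, client in CASES:
        print(f"{host_if:28} <- {client:15} {reply_path(host_if, client)}")
```

For a public client address both masks give `via-gateway` in this model, so the mask only changes the outcome when the source the host sees falls inside 192.168.0.0/16; a capture on the LAN side shows which source address actually arrives.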