Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Test Port Forwarding inside network

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 4 Posters 3.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cpthk
      last edited by

      I am setting up port forwarding. When I tested inside the network, it didn't work. After reading the troubleshooting page, it says that I couldn't test inside the network.
      Does anyone know the reason behind it? Why it cannot be tested inside the network?
      My normal cisco, d-link routers could be tested inside the network. What's the reason of it? Anyway I could work around it?

      1 Reply Last reply Reply Quote 0
      • W
        wallabybob
        last edited by

        @cpthk:

        I am setting up port forwarding. . . .  Why it cannot be tested inside the network?

        pfSense port forwarding creates a firewall rule to forward connection requests that arrive at the box on a specified interface. Imagine you have created port forwarding rule on the WAN interface. You can't test this by sending a connect request to the WAN IP address trough the LAN interface - such requests do not arrive on the interface in the port forwarding rule.

        1 Reply Last reply Reply Quote 0
        • L
          Lee Sharp
          last edited by

          You can enable port reflection, which will make it seem to work.  But it is not a good test as it can reflect without actually passing exterior traffic.

          To truly test it, you need to be outside the network.  An VPN will do this for you.

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            If you do not configure Nat to translate client's source address, pfsense will forward traffic to internal server and this server will try to answer direct to the client with its IP instead of public Nat ip

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • C
              cpthk
              last edited by

              @wallabybob:

              @cpthk:

              I am setting up port forwarding. . . .  Why it cannot be tested inside the network?

              pfSense port forwarding creates a firewall rule to forward connection requests that arrive at the box on a specified interface. Imagine you have created port forwarding rule on the WAN interface. You can't test this by sending a connect request to the WAN IP address trough the LAN interface - such requests do not arrive on the interface in the port forwarding rule.

              The request first arrives at the LAN interface, but shouldn't LAN interface pass the request to WAN ? (just like any other website you go to, those requests get past to WAN and to ISP) So the WAN should also get the request. Is this not true?

              1 Reply Last reply Reply Quote 0
              • W
                wallabybob
                last edited by

                @cpthk:

                The request first arrives at the LAN interface, but shouldn't LAN interface pass the request to WAN ? (just like any other website you go to, those requests get past to WAN and to ISP) So the WAN should also get the request. Is this not true?

                What request?
                1. Suppose an access to the IP address of the DMZ server. That will go out the DMZ interface.
                2. Suppose an access to the IP address of the hardware interface that is the pfSense WAN interface. That addresses the pfSense box itself so goes no further - it does not go out the WAN interface in the hope that the upstream router will loop it back and hence it is not received (seen by the receive input) by the hardware interface that is the pfSense WAN interface.

                Does that answer the question?

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.