Help nat/portforward



  • Hello everyone,
    I have a problem NATing / port forwarding my static public address to pfSense. I'll explain my situation.

    modem / router
    ip address 192.168.0.1
    NAT ENABLED

    pfSense with 2 network cards
    NAT ENABLED
    network card (wan)
    192.168.0.2
    connected directly to the modem

    network card (LAN)
    ip address 192.168.1.1/24
    client with a static address and default gateway of 192.168.1.1

    On pfSense I configured the modem / router as the default gateway:
    192.168.0.1

    Configured like this, everything works without any problems, but if I wanted to reach a PC on my LAN (192.168.1.0/24) from the internet, I do not know how to configure my pfSense.
    I would be grateful if someone could help me configure pfSense to access a PC on the network.
    Thanks in advance


  • LAYER 8 Global Moderator

    Why do you have a double NAT?  I would suggest removing that - can you not put your "modem/router" into bridge mode so that pfsense gets a public IP on its internet facing interface (wan)?

    If not then you have to forward the traffic you want to get to pfsense first on that "modem/router" to the pfsense wan IP, then on pfsense create your port forward to the inside box.  Or you need to put the pfsense wan IP into the dmz on your first nat device.

    Then just create a port forward on your pfsense.

    http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F



  • Hello John,
    thanks a lot for your reply, you are always ready to give me suggestions.
    So about your first question, I can't set up the modem/router in bridge mode.

    Then I should do that:
    setup port forwarding in modem/router

    HTTP start port 80 end port 80 server ip address 192.168.0.2 (ip wan pfsense)

    setup in pfsense port forward

    if    proto     src. addr   src. port   dest addr   dest port   nat ip                      nat port
    wan   tcp/udp   *           *           wan net     80          192.168.1.* (device lan)    80

    So you think that is correct?
    I would appreciate sharing your ideas with me

    roberto


  • LAYER 8 Global Moderator

    Well, I highly doubt you need UDP on HTTP.  And I assume * is just a placeholder for the IP you want to send it to; you cannot send to a wildcard.

    You might be better off putting the pfsense IP in the dmz of your first nat router - or any future forwards you are going to have to create in both places again.



  • Hello John,
    So I assume my idea is OK, I just have to change tcp/udp to tcp for HTTP, sure. Yes, with * I just mean any device in the LAN.
    I don't know how to put the pfsense IP in the dmz of the nat router, so I will leave it configured how I explained.
    Thanks!!!


  • LAYER 8 Global Moderator

    What is the make and model of your modem/router?  I would assume they support a dmz setup; if you give the make and model of it we can look to see.



  • The model is Netgear DGN3500. I checked the setup and the default dmz server is 192.168.0.2, so shall I use this number for (pfsense)?


  • LAYER 8 Global Moderator

    Well, if that is already set and that is your pfsense wan IP, you should be good to go and not need any forwards on your modem/router.

    edit: Some devices require being connected to a specific lan port as well.

    edit2:  I just looked at a manual for that model, and it seems that dmz is disabled by default.  So make sure you enable it and you should be good for any future port forwards you need.



  • I followed your instructions and the connection is OK.
    So if you now think the pfsense and modem/router setup is OK, I will check port forwarding in the next days…
    Thanks a lot!!!



  • Hello,
    I just tried a port forwarding tester, but I continue to have problems. Port 80 is closed.
    Can someone help me?
    Thanks in advance.


  • LAYER 8 Global Moderator

    What are your wan rules, and what are your port forward rules?

    If pfsense is in the dmz of your router in front of pfsense, and you didn't mess up the rules, it should be working.

    Now keep in mind many ISPs block port 80 inbound because you're not supposed to run servers, etc.  Check with your ISP to see if they block specific inbound ports.

    First check I would do is a sniff on pfsense wan interface - do you see the packets when you test?  I use canyouseeme.org
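
The WAN-side sniff suggested above can be read mechanically. This is an added example, not part of the original post or of pfSense: it classifies `tcpdump -n` text captured on the pfSense WAN while an external port test runs. The function name, the result labels and the sample capture lines (tester address 203.0.113.7) are constructed for illustration.

```python
import re

# Shape of a `tcpdump -n` TCP line:
#   <time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ...
LINE_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed sample: the tester's SYN reaches the WAN IP and is retried, no reply.
SAMPLE_NO_REPLY = """\
10:00:01.000000 IP 203.0.113.7.51544 > 192.168.0.2.80: Flags [S], seq 1, win 64240, length 0
10:00:02.000000 IP 203.0.113.7.51544 > 192.168.0.2.80: Flags [S], seq 1, win 64240, length 0
"""

# Constructed sample: the forwarded host answers, seen as a SYN-ACK from the WAN IP.
SAMPLE_ANSWERED = """\
10:00:01.000000 IP 203.0.113.7.51544 > 192.168.0.2.80: Flags [S], seq 1, win 64240, length 0
10:00:01.001000 IP 192.168.0.2.80 > 203.0.113.7.51544: Flags [S.], seq 9, ack 2, win 65535, length 0
"""

def diagnose(capture_text, wan_ip, port):
    """Classify a WAN-side capture taken while an external port test runs."""
    syn_from, answered, reset = set(), set(), set()
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv4 TCP line (ARP, ICMP, truncated output)
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        flags = m["flags"]
        if dst == (wan_ip, port) and flags == "S":
            syn_from.add(src)          # inbound connection attempt reached the WAN
        elif src == (wan_ip, port) and dst in syn_from:
            if flags == "S.":
                answered.add(dst)      # SYN-ACK went back out
            elif "R" in flags:
                reset.add(dst)         # connection actively refused
    if not syn_from:
        return "not_arriving"  # look upstream: modem/router DMZ or forward, ISP block
    if answered:
        return "answered"      # the forward works end to end
    if reset:
        return "reset"         # reaches pfSense; a reject rule or closed port on the target
    return "no_reply"          # reaches pfSense; check WAN rules, port forward, target host

if __name__ == "__main__":
    for name, text in (("no reply", SAMPLE_NO_REPLY), ("answered", SAMPLE_ANSWERED)):
        print(name, "->", diagnose(text, "192.168.0.2", 80))
```

A "not_arriving" result points at the modem/router or the ISP, while "no_reply" means the packets reached pfSense and the WAN rules and port forward are the next things to check.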



  • So about your first question, I can't set up the modem/router in bridge mode.

    Just trying to clarify: Are you using any features of the router except for the modem? Because the router supports disabling NAT under "Basic Settings"  (however this also resets the configuration to factory default).

