Netgate Discussion Forum

    Portforwarding Multi Wans

    Problems Installing or Upgrading pfSense Software
      cbadk

      Hi!

      I have a server with 4 NICs:
      3 NICs with ISP connection
      1 NIC connected to our LAN

      (Please take a look at the diagram)

      All NICs connected to our ISP get one public IP via DHCP.

      This is what I have done so far:

      1. Installed pfSense with WAN and LAN IPs pointing to the correct NICs
      2. I added the missing NICs in INTERFACES > ASSIGN and renamed them to WAN2, WAN3
      3. I checked if the 2 new NICs were getting an IP from the ISP and it seems to work fine.

      So far so good.

      What I want to do now is to forward ports from the servers to the new public IPs. And here's the problem:
      If you port forward to the WAN1 (the one I picked in the installation), all the ports seem to work fine. But when we port forward something to WAN2 it doesn't.

      Attachments: wan interface.png, wan1.png, wan2.png, diagram.png

        doktornotor Banned

        What's "doesn't work"?

          wallabybob

          @cbadk:

          But when I try to port forward something to WAN2 it doesn't work.

          Please provide more details in the form: When I do … I see ... but I expected to see ... because ...

          It seems a reasonably common mistake is for people to set up a port forward for connections arriving on the WAN interface and expect them to work for connections arriving on the LAN interface. But without details of what doesn't work …

            doktornotor Banned

            Not to mention that the last screenshot shows redirect target port empty, which obviously "doesn't work".

              wallabybob

              @doktornotor:

              Not to mention that the last screenshot shows redirect target port empty, which obviously "doesn't work".

              Looks to me the Redirect target port is "HTTP".

                doktornotor Banned

                @wallabybob:

                Looks to me the Redirect target port is "HTTP".

                Ah, correct. Those red boxes are extremely distracting.

                  cbadk

                  Thank you all for your comments. Updated the thread.

                    doktornotor Banned

                    That did not move us one inch further wrt the "doesn't work" description, I'm afraid. What exactly are you trying to do that doesn't work as expected? Browse to the webserver using the public IPs? From LAN? From outside? Using IPs or the FQDN (and what are the DNS records for those if the latter)? These WANs are failover or something else?

                      cbadk

                      It's actually a pretty simple question:

                      Why does pfSense prevent incoming traffic to WAN2 and WAN3, even though port forwarding is set in the firewall rules?

                        doktornotor Banned

                        @cbadk:

                        It's actually a pretty simple question:

                        Your "simple" question is impossible to answer without providing the requested information.

                          cbadk

                          OK, let's try this another way.

                          Let's say we have 1 server with 4 network cards.

                          We connect 3 of the network cards to the internet and all 3 network cards now have their own public IP addresses.

                          We connect 1 to our LAN.

                          On our LAN we have 5 servers.

                          We have now installed pfSense and want to allow traffic from WAN1, WAN2, WAN3 to our LAN.

                          Server1 is our mail server. So we want to allow traffic on ports 25, 80, 110 from WAN1 to travel to our server 1

                          Server2 is our webserver. So we want to allow traffic on port 80 from WAN2 to travel to our server 2

                          Server3 is our other webserver. So we want to allow traffic on port 80 from WAN3 to travel to our server 3

                          What would it take for us to allow traffic to travel through on WAN2 and WAN3 to our servers? Are there any special NAT settings for this in pfSense?

                            doktornotor Banned

                            Uh.

                            1/ In Firewall - NAT you set up the port forwards.
                            2/ In Firewall - Rules - WANx you allow the traffic as needed.

                            Once again, if you want to debug your issue, provide the requested information. Otherwise, this thread is completely pointless.

                              cbadk

                              Found the problem.

                              When a new firewall rule was created "Filter rule association" was set to "Add associated filter rule". If I pick Pass instead it works. Now it allows traffic to travel through WAN2 to LAN (port forwarding)

                              I did notice this warning when creating a new firewall rule: "NOTE: The "pass" selection does not work properly with Multi-WAN. It will only work on an interface containing the default gateway."

                              Anyway, thank you for your help…

                              Attachment: firewallrule.png

                                stephenw10 Netgate Administrator

                                Out of interest, why did you choose 'pass' the first time? Create associated rule is the default setting.

                                Also you may find that your servers appear to all use the same public IP for outgoing traffic unless you set manual outbound NAT rules.

                                Steve
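
Added example, not posted by anyone in this thread: a check over a configuration backup that lists port forwards whose "Filter rule association" is "Pass" on an interface other than the one holding the default gateway (the case the quoted GUI note warns about), plus forwards with no associated rule that rely on a manual rule under Firewall - Rules. The XML element names (`nat/rule`, `interface`, `target`, `local-port`, `associated-rule-id`), the interface keys `wan`/`opt1`/`opt2`, and all sample values are assumptions made for this sketch; compare them with your own config.xml before relying on the output.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export. Element names follow the config.xml
# layout as assumed for this example; verify against your own backup.
SAMPLE_CONFIG = """
<pfsense>
  <nat>
    <rule>
      <interface>wan</interface>
      <target>192.168.1.10</target>
      <local-port>25</local-port>
      <associated-rule-id>nat_constructed_0001</associated-rule-id>
    </rule>
    <rule>
      <interface>opt1</interface>
      <target>192.168.1.20</target>
      <local-port>80</local-port>
      <associated-rule-id>pass</associated-rule-id>
    </rule>
    <rule>
      <interface>opt2</interface>
      <target>192.168.1.30</target>
      <local-port>80</local-port>
      <associated-rule-id></associated-rule-id>
    </rule>
  </nat>
</pfsense>
"""


def audit_port_forwards(config_xml, default_gw_if="wan"):
    """Return (forward, finding) pairs for port forwards that need attention."""
    findings = []
    for rule in ET.fromstring(config_xml).findall("./nat/rule"):
        iface = rule.findtext("interface") or ""
        assoc = (rule.findtext("associated-rule-id") or "").strip()
        label = f"{iface} -> {rule.findtext('target')}:{rule.findtext('local-port')}"
        if assoc == "pass" and iface != default_gw_if:
            # The case the GUI note warns about: "pass" on a WAN that does
            # not contain the default gateway.
            findings.append((label, "pass-on-non-default-gateway-wan"))
        elif assoc == "pass":
            # Forwarded traffic is passed without a rule on the interface tab.
            findings.append((label, "pass-without-filter-rule"))
        elif not assoc:
            # No association: a rule under Firewall - Rules must allow it.
            findings.append((label, "needs-manual-filter-rule"))
    return findings
```

Pass the interface key that holds the default gateway as `default_gw_if` when it is not `wan`.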