Help with Port Forwarding

jdeloach

I am new to pfSense and am having trouble forwarding ports.  I am using pfSense  2.0.3.  Most things have worked that I've tried so far except for forwarding ports.  I am trying to forward ports 2074 thru 2094 UDP to an interface on OPT2. I have tried the following:

NAT – WAN  UDP  *    *  WAN Address  2074:2094    192.168.123.116    2074:2094
Rule --  UDP  *    *  192.168.123.116  2074:2094  *  none

That didn't work.  Also tried this:

NAT --  WAN    UDP  *    *  OPT2 Address  2074:2094  192.168.123.116  2074:2094
Rule --  UDP  *    *  192.168.123.116  2074:2094    *  none

That also didn't work.  What am I missing, like I said, I'm new to pfSense, been using IPCOP for years, so I'm probably doing something stupid.
Do I need to enable or disable something to allow this, like a default that needs to be turned either On or Off?

I appreciate any help anyone can give.

James

johnpoz

How are you testing that its not working - if your trying to test via nat reflection that might be your problem.

It takes 2 seconds to forward a port or ports via pfsense.  Create your nat rule, and let it create your firewall rule for you (which is default setting)

Your first one looks correct.. but it should show ipv4 in there I would think

Here is my only udp rule (for ntp server running behind pfsense and member of the ntp pool) Works fine.

nat
WAN UDP * * WAN address 123 (NTP) 192.168.1.40 123 (NTP)

rule
IPv4 UDP * * 192.168.1.40 123 (NTP) * none

Maybe you just didn't copy the ipv4 section in your copy paste?

jdeloach

I didn't see IPv4.  Is this something that was added to 2.1 and since I'm using 2.0.3 doesn't show.  When it appears that 2.1 is more stable, I'll upgrade to it.

Anyway I notice now that the forwarding is working.  Not sure why, maybe I wasn't waiting long enough before I was checkeing.

Thanks for the info.

johnpoz

well yeah ipv4 or ipv6 needs to be listed ;)  Since 2.1 can do both.

As to more stable??  Not clear on your point, it is released and works GREAT!

jdeloach

I just notice that there seems to be several folks having issues with 2.1, didn't mean to put it down.  I'm sure it wouldn't have been released if it wasn't ready.

johnpoz

Several folks ;)  Out of HOW many people using it.. Most likely odd issues with upgrade from OLD versions with odd configurations.. So yeah there are always going to be those sorts of issues to work out, etc.

What you want to wait til 2.1.1 or something ;)  It is released, it is stable, it is ready for prime time - if it wasn't then it wouldn't of been released.

You mention your new to pfsense - so when did you install it, was 2.1 already released?

jdeloach

I actually started with 2.0.2 and then put it aside for awhile.  When I went back to it, I upgraded it to 2.0.3 and been using it to learn with.

Maybe I'll go ahead here someday when I have more time to spend with it and upgrade to 2.1 and give it a try.  My configurations aren't very complex, actually pretty generic.

johnpoz

Well if you want to play with ipv6 then you will have to move to 2.1  - if your setup is generic then just do clean.

Maybe I am spoiled with running mine on vm, but it takes takes no time at all to try this version of that version - if need be roll back, or just switch to different vm running different version, etc.  Every now and then if someone has issue with older version I want to try and duplicate I just fire up a vm with that version on it, etc.

So maybe I am spoiled with time to spend - since there isn't any really, only takes minutes to switch around what distro I use for my router - be it pfsense, ipcop, m0n0wall, etc.  Since I can have the VM use the same mac as its wan don't even need to restart my cable modem.