[Solved] Port forward to a different port number
-
I'm trying to use NAT to forward an external port X (e.g. 8080) on WAN to a server on the LAN on port Y (e.g. 80). I followed the steps on doc.pfsense.org and I use the add firewall rule automatically.
This seems to work only if ports X and Y are the same. If I add a different port number to the "Redirect target port" on the NAT page it does not work. I'm on 2.1.
For example, the values on the NAT page are:
Interface: WAN
Protocol: TCP
Destination: WAN address
Destination port range: 8080
Redirect target IP: 192.168.0.100
Redirect target port: HTTP (80)
NAT reflection: use system default
Add associated filter rule
The filter rule is:
Action: Pass
Interface: WAN
Source: any
Destination: 192.168.0.100
Destination port range: HTTP
How can I make this work with different ports?
Thanks in advance.
-
I just put a somewhat "random" port forward into my home system and got this in /tmp/rules.debug
# NAT Inbound Redirects
rdr on vr1 proto tcp from any to 10.49.175.1 port 4350 -> 10.49.160.42 port 4200
It looks like a reasonable pf redirect from port 4350 to port 4200.
What is in this section of your /tmp/rules.debug?
-
My auto-added rule looked OK. The rule should be to permit the IP and port after NAT translation, because NAT happens first, then the firewall rules are processed. For you, there should be a rule to permit 192.168.0.100 port 80.
One tricky point is that the rule is added to the end of the existing rules. So if you have some combination of pass and block rules already on WAN, then the auto pass rule at the end may not be effective (an earlier wide-ranging block rule might stop the traffic first). If so, then move the auto rule up to/near the top.
Thanks, Phil, that was it. The rule was added to the bottom and an earlier rule blocked the traffic.
Easy. Thanks for your help.
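
Added example (not part of any post in this thread): a small Python model of the evaluation order discussed above, where the port forward rewrites the destination first and the WAN rules are then checked top to bottom with the first match winning. The WAN address 203.0.113.10, the class and function names, and the rule labels are constructed for illustration; this is not pfSense code.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class PortForward:
    dst_ip: str        # pre-NAT destination (the WAN address)
    dst_port: int      # "Destination port range" on the NAT page
    target_ip: str     # "Redirect target IP"
    target_port: int   # "Redirect target port"

@dataclass
class FilterRule:
    action: str                     # "pass" or "block"
    dst_ip: Optional[str] = None    # None means "any"
    dst_port: Optional[int] = None  # None means "any"
    label: str = ""

def apply_nat(dst_ip, dst_port, forwards):
    """Rewrite the destination as the redirect would; unchanged if nothing matches."""
    for f in forwards:
        if (dst_ip, dst_port) == (f.dst_ip, f.dst_port):
            return f.target_ip, f.target_port
    return dst_ip, dst_port

def evaluate(dst_ip, dst_port, forwards, rules):
    """Return (action, label) of the first rule matching the translated packet."""
    ip, port = apply_nat(dst_ip, dst_port, forwards)
    for r in rules:  # top to bottom, first match wins
        if r.dst_ip in (None, ip) and r.dst_port in (None, port):
            return r.action, r.label
    return "block", "default deny"

# Constructed sample mirroring the thread: WAN port 8080 -> 192.168.0.100 port 80
WAN_ADDR = "203.0.113.10"
FORWARDS = [PortForward(WAN_ADDR, 8080, "192.168.0.100", 80)]
BLOCK_ALL = FilterRule("block", label="earlier wide block")
AUTO_PASS = FilterRule("pass", "192.168.0.100", 80, "NAT associated rule")
PRE_NAT_PASS = FilterRule("pass", WAN_ADDR, 8080, "pass written for pre-NAT values")

def demo():
    return {
        "auto rule at bottom": evaluate(WAN_ADDR, 8080, FORWARDS, [BLOCK_ALL, AUTO_PASS]),
        "auto rule moved up": evaluate(WAN_ADDR, 8080, FORWARDS, [AUTO_PASS, BLOCK_ALL]),
        "rule on pre-NAT values": evaluate(WAN_ADDR, 8080, FORWARDS, [PRE_NAT_PASS]),
    }

if __name__ == "__main__":
    for case, (action, label) in demo().items():
        print(f"{case}: {action} ({label})")
```

The third case shows why the filter rule must name 192.168.0.100 port 80 rather than the WAN address and port 8080: by the time the rules are checked, the packet already carries the translated destination.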