Newbie question, new install, port forwarding not working

  • Hello there:

    Reinstalled Pfsense from scratch and started over a few times, still cannot seem to get port forwarding working.

    I have one workstation on each end, plugged directly into WAN, and another workstation directly plugged into LAN.

    Yes, I have read the Wiki on troubleshooting port forwarding.

    Looking at the logs, I do see connections to the LAN server.  Wondering if we have a routing issue, or something simple that I am missing.  Any thoughts?


    *    *  WAN address 8022  22
      *    *  WAN address 80 80


    *    *  22
      *    *  80

    WAN  GW
    LAN  GW

    For both interfaces, I've unchecked 'block private' and 'block bogon'.

    NAT reflection + proxy is enabled.

    Using this firewall internally, to connect to private networks.

    Thank you.

  • If the internal server LAN address, and the pfsense LAN IP, that LAN server should have a gateway address of the pfsense LAN IP.

    I try to understand your setup like this:

    Workstation A –--- WAN pfsense LAN ----- Workstation B

    A: IP netmask gateway
    B: IP netmask gateway

    Pfsense WAN:
    Pfsense LAN:

    If thats not what you meant, please make topology drawings for better understanding on your issues.


  • Yes, Julius, what you have described is accurate.

    And yes, I have the LAN server pointing to as its default gateway.

    Also, thought I read something about on Pfsense itself (configured in the web gui), to not have a default gateway for the LAN interface or something like that.  Think I tried that already though, then changed it back.

    I've got to be missing something simple here, rebuilt this thing a few times already.

    Looking at the logs, I do see successful connections to  I've also run tcpdump as well, didn't see any errors.

    Thank you for your help.

  • I have made a mistake on workstation A, its gateway IP should be pfsense WAN address. Pfsense LAN should not have gateway. You can try auto NAT on outbound, then create port forwarding from source any, destinantion WAN address with port you want, to redirect to the workstation B port 80.

    Don't use proxy. Fresh install of pfsense should work out of the box which enabling auto NAT outbound, set forwarding, and firewall rules should be sufficient.

    Check also on the pfsense LAN firewall rule, you should open all traffic from LAN side to any for now. I did a simulation on virtual environment and it works ok.

    Do not check the option to block private networks on the WAN interface.

    Below are some snips of the setup I did: (WAN Subnet) –---- (WAN) pfsense (INTNET0) ------ (LAN SUBNET)

    My Computer on WAN: gateway (pfsense WAN)
    Server on LAN: gateway (pfsense INTNET0)

    pfsense WAN: (no gateway, disable block private networks)
    pfsense INTNET0: (no gateway)

    a. Don't forget to check 'Enable interface' option on pfsense
    b. Once all machine are interconnected, do a test ping from pfsense to My Computer and Server on LAN
    c. Check Auto NAT outbound on WAN interface.

    d. Create port forwarding rules

    e. Create firewall rules on WAN interface, this usually automatically created during port forwarding rule setup.

    f. Allow all traffic originating from LAN subnet to any.

    That configuration is successful on my side, and of course, do change the IP addressing as you want, the most important thing is do not enable block private network option on WAN interface since you are using private network on both WAN and LAN.

    Hope that helps.

  • Banned

    Stop assigning gateways on your LAN!

  • Removed gateways from both LAN and WAN, but that seems counterintuitive to me (the WAN side to have no default gateway).  Also fyi, afterwards, if I try to ping through the firewall from to , I get 'no route to host' on the server.

    I can however ping the LAN interface from the LAN side, and ping the WAN interface from the WAN side.

    Local firewalls on server and workstation are both disabled.

    Also configured NAT to 'pure NAT'.

    All 'block bogons' and 'block private networks' are unchecked.

    So frustrating, I have a ton of firewall experience, but to no avail.  Feel like I am missing something simple here.

    Anything else I should be looking at?

    Thank you.

  • Banned

    Sigh. You should NOT remove gateways from your WAN. Where did you get that idea in the first place?

    Stop assigning gateways on your LAN!

  • I don't know, think somebody suggested it at some point.

    WAN gateway put back in place.  Still no dice.

  • Also, I have IPv6 disabled completely fyi.

  • I did suggest to remove wan gateway, try putting pfsense in router mode.

    I've test on similar setup to your issue as follow:

    WAN: gateway


    NAT+Proxy Reflection Mode
    Auto Outbound NAT rule generation
    pfSense Webconfiguration port 88

    Forwarding Rules:
    WAN Address port 80 to port 80
    WAN Address port 8022 to port 22

    WAN rules:
    Allow any to WAN address port 88 tcp (for webconfigurator)
    2 other rules generated automatically during port forwarding

    LAN Firewall Rules:
    Allow any to any, proto any.


    Workstation A connected to pfsense WAN:
    IP: gateway

    Workstation B connected to pfsense LAN:
    IP: gateway

  • How do I put pfsense in 'router mode'?

    Otherwise, I'll setup as you've recommended below, though it's not much different that what I have already setup.

    Thank you.

  • Banned

    This really just works. No need to disable firewall, use router mode, no need for any manual outbound NAT or any similar nonsense.

  • Uhm. Can I know how to set pfsense on router mode? thanks! I can't get my WAN work with my static wan IP.

Log in to reply