Multi-wan, Multi-lan, no load balancing or failover, port forwarding not working

  • Hey Guys! First off, thanks for the countless hours of effort put into the forums. It's been keeping me afloat…until now.

    I cannot for the life of me get port forwarding to work correctly from WAN2 to LAN2 (Or even to LAN1, when LAN2 didn't exist)

    Network diagram is as follows:

    ISP----WAN1----\                     /----LAN1 (10.1.1.0/24)----Server 1
                    \                   /
                     >    PFSense    <
                    /                   \
    ISP----WAN2----/                     \----LAN2 (10.1.2.0/24)----Server 2

    NAT port forwarding policies have been created as follows:

    If    Proto  Source  Port  Dest. addr.   Dest. ports     NAT IP      NAT Ports
    WAN2  TCP    *       *     WAN2 address  25 (SMTP)       10.1.2.242  25 (SMTP)
    WAN2  TCP    *       *     WAN2 address  80 (HTTP)       10.1.2.242  80 (HTTP)
    WAN2  TCP    *       *     WAN2 address  443 (HTTPS)     10.1.2.242  443 (HTTPS)
    WAN2  TCP    *       *     WAN2 address  3389 (MS RDP)   10.1.2.242  3389 (MS RDP)

    *All policies have associated rules configured; below are the rules that were created by the NAT policies above

    WAN2 Rules

    Proto     Source  Port  Destination  Port           Gateway
    IPv4 TCP  *       *     10.1.2.242   80 (HTTP)      WAN2_DHCP
    IPv4 TCP  *       *     10.1.2.242   443 (HTTPS)    WAN2_DHCP
    IPv4 TCP  *       *     10.1.2.242   3389 (MS RDP)  WAN2_DHCP
    IPv4 TCP  *       *     10.1.2.242   25 (SMTP)      WAN2_DHCP

    **Remote desktop is only enabled as a quick way to test for connectivity
    ***All rules have the gateway configured as "WAN2_Gateway"

    LAN2 Rules

    Proto  Source     Port  Destination  Port  Gateway
    IPv4*  VLAN2 net  *     VLAN1 net    *     *
    IPv4*  *          *     *            *     WAN2_DHCP

    Notes:
    Both WAN interfaces are configured via DHCP
    The WAN interfaces are NOT in an interface group
    Sticky connections are turned off
    Reply-to is enabled in advanced settings as well as on every rule
    LAN2 is restricted to ONLY use WAN2 which IS working
    A nearly identical set of rules for WAN1 exist to a different host and those are working correctly
    Before LAN2 existed I could make the NAT policies on either WAN1 or WAN2 work by making either WAN1_DHCP or WAN2_DHCP the default gateway, or in other words the NAT policies only work if the interface specified in them is made the default route

    Does anyone have any idea what I'm missing?
    Thanks in advance!
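A small consistency audit for a rule set like the one in the post, added here as an example; it is not code from the post or from the pfSense project. The port forwards and WAN2 rules are transcribed from the tables above. The checks encode two assumptions about pfSense behaviour: each port forward needs an associated firewall rule on the same interface and protocol whose destination is the NAT IP and NAT port, and an inbound rule on a WAN interface that carries a gateway is worth flagging, because the return path of forwarded traffic is handled by reply-to rather than by policy routing. The helper `without_gateways` is hypothetical and only exists to show the audit passing on a cleaned copy of the rules.

```python
"""Consistency audit for a pfSense-style multi-WAN port-forward set (added example)."""
from dataclasses import dataclass, replace
from typing import List


@dataclass(frozen=True)
class PortForward:
    iface: str       # interface the forward listens on, e.g. "WAN2"
    proto: str
    dst_port: int    # port on the WAN address
    nat_ip: str      # internal host the traffic is redirected to
    nat_port: int


@dataclass(frozen=True)
class FirewallRule:
    iface: str
    proto: str
    dst: str
    dst_port: int
    gateway: str = ""  # "" means the default gateway (no policy routing)


# Transcribed from the post's NAT table
PORT_FORWARDS: List[PortForward] = [
    PortForward("WAN2", "TCP", 25, "10.1.2.242", 25),
    PortForward("WAN2", "TCP", 80, "10.1.2.242", 80),
    PortForward("WAN2", "TCP", 443, "10.1.2.242", 443),
    PortForward("WAN2", "TCP", 3389, "10.1.2.242", 3389),
]

# Transcribed from the post's "WAN2 Rules" table (gateway set on every rule)
WAN2_RULES: List[FirewallRule] = [
    FirewallRule("WAN2", "TCP", "10.1.2.242", 80, "WAN2_DHCP"),
    FirewallRule("WAN2", "TCP", "10.1.2.242", 443, "WAN2_DHCP"),
    FirewallRule("WAN2", "TCP", "10.1.2.242", 3389, "WAN2_DHCP"),
    FirewallRule("WAN2", "TCP", "10.1.2.242", 25, "WAN2_DHCP"),
]


def audit(forwards: List[PortForward], rules: List[FirewallRule]) -> List[str]:
    """Return a list of findings; an empty list means the set is consistent
    under the two assumptions described above."""
    findings: List[str] = []

    # Assumption 1: every forward has an associated pass rule to NAT IP:NAT port
    for fwd in forwards:
        associated = [
            r for r in rules
            if r.iface == fwd.iface and r.proto == fwd.proto
            and r.dst == fwd.nat_ip and r.dst_port == fwd.nat_port
        ]
        if not associated:
            findings.append(
                f"{fwd.iface} {fwd.proto}/{fwd.dst_port}: no associated rule "
                f"to {fwd.nat_ip}:{fwd.nat_port}"
            )

    # Assumption 2: inbound WAN rules for forwards should not set a gateway;
    # reply-to is what routes the replies back out the interface they came in on
    for r in rules:
        if r.iface.upper().startswith("WAN") and r.gateway:
            findings.append(
                f"{r.iface} rule to {r.dst}:{r.dst_port} sets gateway "
                f"{r.gateway!r}; inbound forward rules should leave it at default"
            )
    return findings


def without_gateways(rules: List[FirewallRule]) -> List[FirewallRule]:
    """Hypothetical helper: a copy of the rules with the gateway cleared."""
    return [replace(r, gateway="") for r in rules]


if __name__ == "__main__":
    for line in audit(PORT_FORWARDS, WAN2_RULES) or ["no findings"]:
        print(line)
    print("after clearing gateways:",
          audit(PORT_FORWARDS, without_gateways(WAN2_RULES)) or "no findings")
```

Run as-is it reports one finding per WAN2 rule (the gateway), and none once the gateways are cleared; dropping a rule from the cleaned set produces a "no associated rule" finding for the matching forward instead.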