Port forwarding, VPN and firewall rules

  • I need help.  I've been reading all I can on port forwarding and still cannot get access to my Plex server.  I'm sure it has something to do with my firewall rules, my VPN WAN interacting.

    Plex by default uses UPNP or NAT-PMP, which I have enabled and do see setting in the status report.  However, this is not working so I create a manual one.

    I created it on my VPN gateway and redirected port 32400 from any VPN gateway address to tower using the same port number.  This didn't work either.

    How do I setup a port forward if it is coming in over a VPN gateway.  Can it be done on the VPN gateway or does it have to be done LAN or WAN instead?

    My setup:
      WAN - normal gateway
      PIAVPN - openvpn gateway

    My LAN firewall rules send traffic from my work laptop, and my VOIP alias (two IP addresses for my two Ooma boxes) out WAN and everything else goes out the PIAVPN.

    All other firewall rules are floating, not associated with any interface and only direct traffic through queues for traffic shaping.

    One set of shaping rules is to send all the TCP and UDP data from my tower server ( through the p2p queue because it does backups and such.  This is also my media server running Plex that I want to have access to from the outside.  Plex talks via port 32400 so I wanted to port forward this port to tower.  These firewall rules don't block anything, just specify which queue to use.

    What am I doing wrong?


  • Maybe a more specific question.

    If my ingress gateway is a VPN gateway, can I do port forwarding on that gateway or will the port number not be useable.  If it is unusable, do I then do the port filtering on the LAN interface?


  • Final followup.  It was not a port forwarding issue.  It was because my VPN provider Private Internet Access does not support port forwarding.  At least not in a straightforward way.

    I finally figured this out by looking at the state tables, and realizing that no traffic of port 32400 ever entered pfsense.

    Just in case someone else is dealing with this issue, verify that your VPN provider actually supports it.