Port forward external port to different internal port [SOLVED]



  • In this example lets say I want to forward port 8888 on my public side to 192.168.0.100 port 80 on my LAN.

    I have the firewall rule added to allow incoming port 8888 on wan..  And the nat rule setup with dest port of 8888, and redirect ip to my private and redirect port to 80.

    This doesn't work as expected.  If I simply change the webserver on 192.168.0.100 to listen on 8888 then it works.

    Is there an extra step I'm missing to forward a port to a different internal port?



  • Maybe the port 80 cannot be used or is used by other services (pfSense GUI?).

    Can you post port forwarding and firewall rules?



  • Rule should be something like:
    WAN TCP * * (public IP/WAN) 8888 192.168.1.100 80 Webserver redirect

    By default, the port-forward will create a linked firewall rule.



  • Screenshots attached..

    I'm not using the associated FW rules because I have multiple networks that I'm allowing connections from.

    I don't think it's the FW rule though because if I change the server to listen on 8888 instead of 80, and change the redirect target port to 8888 it works.

    Don't think it's related to port 80 because I can make the server listen on anything, and if I try to redirect the port in the NAT rule it breaks.

    Gonna see if I can get some logs.






  • Should be:

    port forwarding
    WAN  TCP  *  *  WAN address  8888  192.168.0.100  80

    With firewall rule on WAN tab:
    IPv4 TCP  *  *  192.168.0.100  80  *  none



  • @Wolf666:

    Should be:

    port forwarding
    WAN  TCP  *  *  WAN address  8888  192.168.0.100  80

    With firewall rule on WAN tab:
    IPv4 TCP  *  *  192.168.0.100  80  *  none

    The firewall rule did it.  That seems kind of weird how you have to do that.  Dest 192.168.0.100 dest port 80.

    Makes me feel like I'm opening up port 80 to the world, even though I'm not.  So I just did some testing, it seems like the rule only needs to be written like that if your doing port redirection.

    Just before I read this I was looking in the logs, and saw it blocking my public source, with destination of 192.168.0.100:80.

    Thanks for the help!