Most Port Forwards working but not all



  • I am trying to resolve why the below Port Forwards are not working for port 443 (HTTPS). All of the other rules work flawlessly externally. However, I can only access the 443 forward internally. What gives?

    NAT Info:

    Firewall Rules (WAN):

    Firewall Rules (LAN):

    I went to Status >> System Logs >> Firewall to see if anything might be blocked, however nothing related to any of the port forwards appears when searching (after attempting to visit them externally). Is there an alternative setting that needs to be set to log the port forward information?



  • Are you running the pfSense WebGUI on 443 or 80?


  • Rebel Alliance Global Moderator

    Why would anyone have an allow all rule on their "wan" interface??



  • Maybe your Zone Director box has a firewall that is blocking the traffic that is not on the same subnet. Not sure what a zone director is? I did a quick Bing.com search on it and it looks like some type of wireless access point controller. That might be your issue.



  • It is the controller for our Ruckus wireless access points. I just wanted to make sure I'm not crazy, because these settings worked some time ago.  I had an allow all rule for testing purposes here.


  • Rebel Alliance Global Moderator

    And why would you still have it if testing from before?

    Does your wireless controller have a gateway set? This is a common problem. Either the host you're trying to ping has a firewall, or the device has no or wrong gateway set because before you always accessed it from the same network.

    And your first rule there is forcing everything out a gateway.. load_balance.. If you want local segments to talk to each other you cannot force traffic out a specific gateway that might not be able to get there. First rule to fire wins.. none of the other rules are even looked at.


  • Netgate

    I am not a fan of Dest Address '*'.  Not sure what it does but it just feels, well, sloppy to me.  Just specify the interface address or VIP.

    As has already been pointed out, all your NAT targets need to be routing return traffic back to this pfSense node.  This usually means default gateway pointed at pfSense.