Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problems with port forwarding through VPN

    NAT
    3
    10
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      plainzwalker
      last edited by

      I am trying to get specific ports to be routed through the VPN from different machines. I have attached shots of my settings below. Traffic is being passed if I look at my packet captures, but apparently either it is only going one way through the VPN or something else is blocking it since I am still getting reports of being unconnectable. Can someone please help me?

      I thought I had figured out the solution to this problem a while ago but apparently I was wrong.
      1.PNG
      1.PNG_thumb
      2.PNG
      2.PNG_thumb
      3.PNG
      3.PNG_thumb
      4.PNG
      4.PNG_thumb

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Source ports are generally random and dynamic and it's usually a mistake to specify them:

        Specify the source port or port range for this rule. This is usually random and almost never equal to the destination port range (and should usually be 'any').
        Hint: you can leave the 'to' field empty if you only want to filter a single port.

        Buried under an Advanced button for a reason.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • P
          plainzwalker
          last edited by

          @Derelict:

          Source ports are generally random and dynamic and it's usually a mistake to specify them:

          Specify the source port or port range for this rule. This is usually random and almost never equal to the destination port range (and should usually be 'any').
          Hint: you can leave the 'to' field empty if you only want to filter a single port.

          Buried under an Advanced button for a reason.

          So for the NAT rules I should move the SRC port to the Dest port?

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            I don't know.  What are you trying to port forward, specifically?

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • P
              plainzwalker
              last edited by

              @Derelict:

              I don't know.  What are you trying to port forward, specifically?

              Torrents specifically. 2 different machines and 2 different ports.

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                What are you trying to port forward, specifically?

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • P
                  plainzwalker
                  last edited by

                  @Derelict:

                  What are you trying to port forward, specifically?

                  192.168.1.40:23928 <-> VPN
                  192.168.1.221:26688 <-> VPN

                  Is that what you were asking?

                  1 Reply Last reply Reply Quote 0
                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    So your VPN Provider is forwarding 23928 and 26688 to you or what?

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • T
                      thermo
                      last edited by

                      Also the port forwards/allow  will likely need to be on the pia interface. Not lan.

                      1 Reply Last reply Reply Quote 0
                      • P
                        plainzwalker
                        last edited by

                        Just a small update, I found someone who had a walk through and apparently it is a port forwarding issue on PIA side. So I am in the process of figuring that part out as we speak. I have it setup on pFsense but now I need to convert a script for synology to work in ubuntu.

                        Thank you for the help and made me look outside the what I was already thinking.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.