Problems with port forwarding through VPN



  • I am trying to get specific ports to be routed through the VPN from different machines. I have attached shots of my settings below. Traffic is being passed if I look at my packet captures, but apparently either it is only going one way through the VPN or something else is blocking it since I am still getting reports of being unconnectable. Can someone please help me?

    I thought I had figured out the solution to this problem a while ago but apparently I was wrong.








  • Netgate

    Source ports are generally random and dynamic and it's usually a mistake to specify them:

    Specify the source port or port range for this rule. This is usually random and almost never equal to the destination port range (and should usually be 'any').
    Hint: you can leave the 'to' field empty if you only want to filter a single port.

    Buried under an Advanced button for a reason.
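
The point about source ports, shown as an added example that is not part of the thread or any poster's code: this Python sketch opens a loopback TCP connection, reads the source port the OS assigned to the client, and tests that connection against two rule shapes, one with the source port pinned to the forwarded port and one with source left as 'any'. The function names and the rule dictionaries are assumptions made for illustration; they are not pfSense configuration syntax.

```python
import socket

def observe_inbound(listen_port=0):
    """Accept one loopback TCP connection and return (src_port, dst_port)
    as seen by the listener. listen_port=0 lets the OS pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", listen_port))
    srv.listen(1)
    dst_port = srv.getsockname()[1]
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # The client never calls bind(), so the OS assigns an ephemeral
        # source port, the same way a remote peer's stack would.
        cli.connect(("127.0.0.1", dst_port))
        conn, (_peer_ip, src_port) = srv.accept()
        conn.close()
    finally:
        cli.close()
        srv.close()
    return src_port, dst_port

def rule_matches(rule, src_port, dst_port):
    """rule['src'] and rule['dst'] are None (meaning 'any') or an
    inclusive (low, high) port range. Hypothetical rule model."""
    def in_range(spec, port):
        return spec is None or spec[0] <= port <= spec[1]
    return in_range(rule["src"], src_port) and in_range(rule["dst"], dst_port)

def compare_rules(src_port, dst_port):
    """Evaluate both rule shapes against one observed connection."""
    pinned = {"src": (dst_port, dst_port), "dst": (dst_port, dst_port)}
    any_src = {"src": None, "dst": (dst_port, dst_port)}
    return {
        "source pinned to forwarded port": rule_matches(pinned, src_port, dst_port),
        "source any": rule_matches(any_src, src_port, dst_port),
    }

if __name__ == "__main__":
    src, dst = observe_inbound()
    print(f"peer connected from source port {src} to destination port {dst}")
    for name, matched in compare_rules(src, dst).items():
        print(f"  rule with {name}: {'match' if matched else 'no match'}")
```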



  • @Derelict:

    Source ports are generally random and dynamic and it's usually a mistake to specify them:

    Specify the source port or port range for this rule. This is usually random and almost never equal to the destination port range (and should usually be 'any').
    Hint: you can leave the 'to' field empty if you only want to filter a single port.

    Buried under an Advanced button for a reason.

    So for the NAT rules I should move the SRC port to the Dest port?


  • Netgate

    I don't know.  What are you trying to port forward, specifically?



  • @Derelict:

    I don't know.  What are you trying to port forward, specifically?

    Torrents specifically. 2 different machines and 2 different ports.


  • Netgate

    What are you trying to port forward, specifically?



  • @Derelict:

    What are you trying to port forward, specifically?

    192.168.1.40:23928 <-> VPN
    192.168.1.221:26688 <-> VPN

    Is that what you were asking?


  • Netgate

    So your VPN Provider is forwarding 23928 and 26688 to you or what?



  • Also the port forwards/allow will likely need to be on the PIA interface. Not LAN.



  • Just a small update: I found someone who had a walkthrough, and apparently it is a port forwarding issue on PIA's side. So I am in the process of figuring that part out as we speak. I have it set up on pfSense, but now I need to convert a script for Synology to work in Ubuntu.

    Thank you for the help; it made me look outside what I was already thinking.