Port Forwarding in pfSense
- Used when hosting servers, or using applications that require inbound connections from the Internet.
- Cisco terminology: NAT Overload or PAT (Port Address Translation)
- The firewall will allow any traffic that matches the firewall rules associated with the NAT port forward. (Security concern)
- A single port can only be forwarded to one internal host for each available public IP address.
- Port forwards take precedence over services running locally on the firewall, such as the web interface and SSH.
- Port forwards also take precedence over 1:1 NAT.
- Each port forward rule has a corresponding automatically generated firewall rule.
- The Source of the automatically generated rule should be restricted where possible, especially for remote management services such as SSH and RDP.
Steps
1. Configure the IP Address on the Server in the LAN
We need to assign an IP address to the server that is attached to the LAN interface of pfSense. In this tutorial, the pfSense LAN interface is assigned 192.168.1.1 and the Windows Server 2019 host is assigned 192.168.1.2.
2. Add a Port Forward Rule under NAT in the Firewall Menu
Next, click Add to create a new Port Forward rule. Set Destination to WAN Address, Destination port range to 8080, and Redirect target IP to 192.168.1.2, which is the Windows Server IP address.
Click the Save button to save the rule, then click Apply Changes to apply it.
Next, we see that the changes have been applied successfully.
As mentioned in the introduction, a firewall rule is also added by default for each Port Forward NAT rule. We can verify that by looking at the firewall rules.
3. Verify the Configurations
Now we can test whether the port forwarding works by browsing to the pfSense WAN IP on port 8080.
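To follow up on the advice to restrict the Source of each forward, the Python sketch below audits a pfSense config.xml backup for port forwards whose Source is still any, and rates SSH and RDP forwards higher. It is an added example, not part of the original tutorial or of pfSense's own tooling. The element layout (nat/rule with source, destination/port, target, disabled) and the hyphenated port-range form are assumptions about the backup format, and the sample config, including 192.168.1.3 and 203.0.113.10, is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; layout assumed to mirror a pfSense config.xml backup.
SAMPLE_CONFIG = """<pfsense><nat>
  <rule><source><any/></source>
    <destination><network>wanip</network><port>8080</port></destination>
    <protocol>tcp</protocol><target>192.168.1.2</target>
    <local-port>8080</local-port><interface>wan</interface></rule>
  <rule><source><any/></source>
    <destination><network>wanip</network><port>3389</port></destination>
    <protocol>tcp</protocol><target>192.168.1.3</target>
    <local-port>3389</local-port><interface>wan</interface></rule>
  <rule><source><address>203.0.113.10</address></source>
    <destination><network>wanip</network><port>22</port></destination>
    <protocol>tcp</protocol><target>192.168.1.2</target>
    <local-port>22</local-port><interface>wan</interface></rule>
</nat></pfsense>"""

MGMT_PORTS = {22: "SSH", 3389: "RDP"}  # services the tutorial singles out

def port_span(text):
    """Return (low, high) for '8080' or '8080-8090'; None for an alias or empty."""
    parts = (text or "").split("-")
    if len(parts) > 2 or not all(p.isdigit() for p in parts):
        return None
    return int(parts[0]), int(parts[-1])

def audit_port_forwards(xml_text):
    """List (severity, port, target, services) for forwards open to any source."""
    findings = []
    for rule in ET.fromstring(xml_text).findall("./nat/rule"):
        src = rule.find("source")
        if src is not None and src.find("any") is None:
            continue  # Source is already restricted to an address or network
        if rule.find("disabled") is not None:
            continue  # disabled forwards pass no traffic
        port = rule.findtext("destination/port")
        span = port_span(port)
        mgmt = [name for p, name in sorted(MGMT_PORTS.items())
                if span and span[0] <= p <= span[1]]
        findings.append(("high" if mgmt else "review", port,
                         rule.findtext("target"), ",".join(mgmt)))
    return findings

if __name__ == "__main__":
    for finding in audit_port_forwards(SAMPLE_CONFIG):
        print(finding)
```

On the constructed sample, the 8080 forward from this tutorial is reported for review and the RDP forward as high, while the SSH forward with a restricted Source is not reported.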