How to configure Port Forwarding in pfsense

 

 
 

 
 

Port Forwarding in pfsense

  • Used when hosting servers, or using applications that require inbound connections from the Internet.
  • CISCO Terminology = NAT Overload or PAT (Port Address Translation)
  • The firewall will allow any traffic matching corresponding firewall rules for NAT. (Security Concern)
  • A single port can only be forwarded to one internal host for each available public IP address.
  • Port forwards take precedence over services running locally on the firewall, such as the web interface, and SSH.
  • Port forwards also take precedence over 1:1 NAT.
  • Each port forward rule has a corresponding automatically generated firewall rule.
  • The Source of the automatically generated rule should be restricted where possible, especially for remote management services such as SSH, and RDP.

 Steps

1. Configure IP Address in the Server in LAN 

We need to assign IP address to the server that is attached to the LAN interface of the pfsense. In this tutorial we have assigned 192.168.1.1 at pfsense LAN interface and Windows Server 2019 is assigned 192.168.1.2

2. Add Port Forward rule in NAT from Firewall menu

 
 
Next click at Add to add a new Port Forward rule and select Destination as WAN Address, Destination port range as 8080 and Redirect target IP as 192.168.1.2 that is Windows Server IP Address
 

 
and enter Redirect target port as 80 which is port at which Web Server listens in LAN.
 
 

Click at Save button to save the rule and click at Apply Changes to apply it.

 
 Next we see that changes are applied successfully,

 
 
As we have mentioned in the introduction that by default a firewall rule is also added against a Port Forward NAT rule. We can verify that by looking at firewall rules.
 
 
 

3. Verify the Configurations

 
Now can can test if the port forwarding works by browsing pfsense WAN IP with port 8080

Tags

#buttons=(Accept !) #days=(20)

Our website uses cookies to enhance your experience. Learn More
Accept !