pfSense NAT port forward – Here is how we do it
Are you looking for a pfSense NAT port forward option? We can help you to do this.
To add a port forward, we add a firewall rule that allows traffic to internal IP.
At Bobcares, we often get requests on pfSense configuration, as a part of our Server Management Services.
Today, let’s see how our Support Engineers change port settings in the pfSense firewall.
Port forwarding in pfSense
pfSense is an open-source firewall. By installing this on a physical machine it acts as a dedicated firewall.
Port forwarding is useful as it secures the default port from the Internet. Usually, to add a port forward, we add a firewall rule. This allows traffic to the internal IP address based on the port forwarding settings.
But, the pfSense front panel has the option to additionally add the rule while creating a port forward. So let’s see how our Support Engineers do this.
How we do NAT port forward in pfSense?
Our Support Engineers do the NAT port forwarding via the web GUI. So we access it using the admin login. Then we add the NAT rule.
For this we navigate as Firewall >> NAT. Usually, this opens the NAT rule editor. Here we add the rule. Our Support Engineers add appropriate options for each section. Let’s have a quick look at these options.
- Disabled: This option disables the rules. But this will not remove it from the list.
- Interface: This option allows us to choose the interface, usually this is WAN.
- Protocol: Here we add the protocol of the port we forward.
- Source: Next we specify the cases from which sources we want to accept the traffic. Usually, we add this as ‘any’ so that to allow all Internet hosts.
- Destination: Here we specify the destination IP address.
- Destination Port Range: Here we specify destination port of the traffic, that is the outside port or ports to forward.
- Redirect target IP: This is the internal IP address to which we forward the traffic.
- Redirect Target Port: The internal port or port range we forward.
- Description: A description added for reference.
- NAT reflection: This option enables or disables NAT reflection a per-port forward basis.
- Filter rule association: Choose either of the options which gets updated when the port forward is updated or passes all traffic that matches the entry without having a firewall rule at all.
The NAT rule editor in pfSense appears as,
[Still, having trouble in pfSense NAT port forwarding? – We can help you.]
So far, we saw how to do pfSense NAT port forward. We saw the various options in the NAT rule editor window. In today’s writeup, we also saw how our Support Engineers choose the appropriate options and forward the traffic on the selected port.