NAT Port Forwarding in pfSense 2.4

Captions
Today we're going to go through port forwarding from the outside of the network to the inside of a network. For example, you may have a web server that's running behind pfSense and it has an internal LAN IP address, and you want to be able to access that from the outside, from the outside network, whatever your WAN connection is.

All right, so as you can see in this little text edit file here, I've got a good example of some of the IPs and some of the services that we may, you know, in theory want to forward. So our pfSense internal IP address is 172.16.73.5 and we have an imaginary web server running on 172.16.73.10. It doesn't actually exist, so this won't actually go anywhere, but we're just going to pretend it is running an Apache web server on port 80 and 443 for HTTPS. So therefore we're going to want to forward a TCP protocol on 80 and 443 to the internal web server IP address, and just for fun our external IP address is 192.168.0.239. OK, and you can see that the WAN and LAN that I've referenced here are actually showing up here in the dashboard.

All right, so port forwarding in pfSense is actually very straightforward, very easy. You just go to Firewall, go to NAT, and as you can see I don't have any rules; I'm not forwarding any ports from the outside world into the internal network. So we're gonna click Add, and so the interface is going to be the WAN interface. That's where we want to take traffic from; we want this rule to be listening on the WAN interface. And the protocol is going to be TCP, and the destination is going to be WAN address. So we're basically saying anything that is destined for the WAN IP address, which would be 192.168.0.239, we want to take any traffic that's pointing to the WAN address, and any traffic that is trying to go to port 443, which is HTTP, we want to redirect any HTTP traffic going to the WAN IP address. We actually want to take that and redirect it to the internal Apache web server that is running on 172.16.73.10.

OK, and then, so then the redirect target port could actually be something other than the port that they're trying to come in on, but in this example we're just gonna leave it the same. So if they're coming in on 443, we want to just keep that port number where it is and just shoot it on down to our internal web server. OK, and it's always a good idea to throw a description in, so we could say "test internal", and that is it; you don't have to set anything else. OK, so we'll hit Save and hit Apply, and as soon as the filter reload finishes, which is pretty much instantly in our case, that is set up, ready to go. You could use the external IP address from the outside of the network and get in through pfSense and be routed to your internal web server.

OK, so that takes care of HTTP. Chances are if you're running 443 and HTTP you probably are going to want HTTP on port 80 redirected as well, so you can either add a new rule and start from scratch, or you can come over here and click this fancy little copy button and it's going to start a new rule based on the rule that we just did. So that's kind of nice, because the only thing we're going to change is HTTP to HTTPS and HTTP. The redirect target IP is the same, we're still listening on the WAN interface, and we're still listening for anything destined for the WAN address, and we will make sure that we label that HTTP so we know the difference, and that's it. So we'll save, apply, and with these two rules we are actually taking anything coming to our external WAN IP address in pfSense and we are forwarding HTTP and HTTPS traffic to the internal web server.

So you could keep going with all kinds of different port numbers and servers. Where it gets tricky is if you had, you know, two servers, two individual servers, and you wanted them both listening on 443 and 80. You would have to do some clever things with your servers, like the actual Apache web config, because you can't really point, you know, traffic coming in on one IP address, you can't point it to two different places on the same port. I hope that makes sense.

So that's all there is to it. Once you get these rules set up you'll be good to go. And obviously the protocol being TCP, it may be UDP if you were doing a different type of server, or if it's, you know, DNS or whatever, you can actually select both. I'll edit this rule and show you that you can do TCP, UDP or either; you know, the TCP/UDP would be anything coming in on a certain port, whether it's TCP or UDP, you know, go ahead and take it and forward it on. So that's pretty cool too. For web traffic it's gonna be TCP.

All right, so that is pretty much it. This was a pretty quick video, but there was a question in the comments that I wanted to try to get answered pretty quickly, so if you have any questions feel free to ask in the comments. Thanks.
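
Added example, not part of the video or of pfSense: a small Python audit of a port-forward table that flags the case described in the captions, where two rules claim the same WAN address and port but point at different internal hosts, and lists what the rules expose. The `Forward` model and its field names are hypothetical (not pfSense's configuration format); the addresses are those read out in the captions, and the second server at 172.16.73.11 is constructed.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Forward:
    """One port-forward entry (hypothetical model, not pfSense's own format)."""
    iface: str        # interface the rule listens on
    proto: str        # "tcp", "udp" or "tcp/udp"
    dst_ip: str       # address outside clients connect to
    dst_port: int     # port outside clients connect to
    target_ip: str    # internal host the traffic is redirected to
    target_port: int  # redirect target port (may differ from dst_port)
    descr: str = ""

def protos(rule):
    """Expand "tcp/udp" into the set of protocols the rule matches."""
    return set(rule.proto.lower().split("/"))

def find_conflicts(rules):
    """Pairs of rules with the same listener and an overlapping protocol
    that redirect to different targets; only one of them can take effect."""
    found = []
    for a, b in combinations(rules, 2):
        same_listener = (a.iface, a.dst_ip, a.dst_port) == (b.iface, b.dst_ip, b.dst_port)
        shared = protos(a) & protos(b)
        same_target = (a.target_ip, a.target_port) == (b.target_ip, b.target_port)
        if same_listener and shared and not same_target:
            found.append((a.descr, b.descr, sorted(shared)))
    return found

def exposed(rules):
    """Inventory of what the rules make reachable from outside."""
    return sorted({(p, r.dst_port, f"{r.target_ip}:{r.target_port}")
                   for r in rules for p in protos(r)})

WAN_IP = "192.168.0.239"  # external address from the captions
RULES = [
    Forward("wan", "tcp", WAN_IP, 443, "172.16.73.10", 443, "internal HTTPS"),
    Forward("wan", "tcp", WAN_IP, 80, "172.16.73.10", 80, "internal HTTP"),
    # Constructed: a second server someone also tries to publish on 443.
    Forward("wan", "tcp/udp", WAN_IP, 443, "172.16.73.11", 443, "second server"),
]

if __name__ == "__main__":
    for entry in exposed(RULES):
        print("exposed:", entry)
    for first, second, shared in find_conflicts(RULES):
        print(f"conflict: {first!r} vs {second!r} on {'/'.join(shared)}")
```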
Info
Channel: Rocket City Tech
Views: 31,977
Keywords: pfsense, nat, port forward, http, https, tcp, udp, WAN, networking, LAN
Id: Jr5vynorkkk
Length: 6min 57sec (417 seconds)
Published: Sat Feb 24 2018