Create port forwarding on pFSense

This LAB will cover scenario of publishing services to the internet – creating WAN firewall rules and NAT (Port Forwarding) for pFSense.

We already went through installation, configuration, LAN firewall configuration, and now we`ll configure access from the internet to the services in our network.

For this LAB I published test website in IIS.

Windows Server 2016 is on 10.20.20.2 IP address, and pFSense is on 10.20.20.1 IP address.

Logon to your pFSense web interface (see my previous LABs if you are not sure how.)

Select Firewall | NAT |Port Forward |Add

Interface: WAN |Protocol TCP | Destination WAN Address | Destination Port Range HTTP | Redirect Target IP: address of the PC that hosts website (in my case it is 10.20.20.2)

So, we just defined the rule where if HTTP traffic arrives at our public IP address, it will forward that traffic to our LAN (private network) to specific PC

Redirect target port: HTTP | everything else as default, enter something in description so that you know why the rule is there. | Save

Created rule looks like depicted on the screenshot | Select Apply Changes

Success

If you go to the Firewall menu | Rules |WAN – there should be automatically created firewall rule for created NAT

Let’s see if the port is opened and visible from the internet. It should be if we done everything correctly and service on the local PC is active.

Great site on which I usually check open ports is – http://www.yougetsignal.com/tools/open-ports/

Enter your public IP and the port for which you wish to check the status. You can also choose to scan all common ports for your public IP

Ok, IIS is started and I did a lovely drawing in the Paint and published it as main website. I checked my website from the mobile phone just to be sure there isn`t any LAN connection.

Works – Port Forwarding – WAN Firewall rule is working.