I recently set up a pfSense router and can't get any port forwarding to work from outside my own LAN.
I have the following forwarding rule to a local server located at 10.0.1.2:
Note that if I enable NAT reflection for this rule, then ssh -p 993 user@my-wan-ip works from my LAN, so the rule is having some effect. However it will not work from outside my LAN.
This is extra strange because I have a rule for ICMP packets that does work:
If I disable the first rule in the image above, pings will start to fail from outside the network, so I know the firewall is working. However the second rule (the NAT firewall rule that was created when I created the port forwarding) seems to have no effect.
This worked fine using my old router. Is there anything I could be overlooking here?
Best Answer
Your config is correct to send 993 destined to your WAN IP to 10.0.1.2 port 993.
Go through the troubleshooting steps. You can eliminate at least common problems 1, 6, 7, and 10-14 and probably more than that. https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
First I'd filter Diag>States for :993 when trying to connect from the Internet, and see what's there. If nothing, and you're not seeing any 993 blocks in the firewall log, then it's not reaching your WAN (blocked upstream somewhere). If something's there, what does it look like?