How to Set Up Port Forwarding in pfSense Software

In this video, we will walk users through setting up a simple port forward in pfSense software.

For more information on Port Forwarding, please see our documentation:

What is Port Forwarding?

Port forwarding is a technique that allows incoming connections from the internet to reach specific devices or services within a private network. It involves forwarding a specific port or range of ports from the public facing IP address of a router to an internal IP address of a device on the local network. This is particularly useful when hosting servers or services that need to be accessible from the internet, such as web servers, game servers, or remote access tools.

Why is Port Forwarding Necessary?

In a typical network setup, WAN interfaces are assigned public IP addresses, while devices within a local network are assigned private IP addresses. Network Address Translation (NAT) is used by routers to translate between these two types of addresses. However, NAT also acts as a firewall, preventing unsolicited incoming connections from reaching devices on the internal network. Port forwarding is necessary to bypass this restriction and allow specific incoming connections to reach their intended destinations.

How do I Configure NAT on pfSense software?

Navigate to Firewall > NAT, choose the desired interface, and create NAT rules according to your requirements.

What are Default Outbound NAT Rules?

Default Outbound NAT Rules are automatically generated rules that allow internal hosts to access the internet using the firewall's public IP address.

Do I still need to forward the ports manually from my router?

If pfSense software is your primary router, you do not need to forward ports on any additional routers. If pfSense software is behind another router, you may need to forward ports on the upstream router to the pfSense software device.

What are NAT Reflection Options?

NAT Reflection options in pfSense software control how the firewall handles connections originating from internal networks that are destined for the public IP addresses of the firewall itself. The options include disabling NAT reflection, enabling it for specific interfaces, or using a specific source address.

How do I troubleshoot port forwarding issues in pfSense software?

Check firewall logs, ensure the target device is reachable and listening on the expected port, verify the port forward rule is correct and enabled, and test the connection from an external network.

How do I set up port forwarding for a specific device using pfSense software?

Create a new port forward rule, select the interface, specify the protocol and destination ports, enter the internal IP address of the device, and ensure that the ‘Filter rule association’ dropdown menu is set to ’Add associated filter rule.

How do I check open ports in pfSense software?

Use the built-in port test utility under Diagnostics > Test Port, or install a package like nmap to scan the firewall's public IP address for open ports.