For clarity, that’s just the order in which PF works.  It does NAT translation 
to incoming traffic as a concept before it applies filter rules.  It’s unusual 
in the world of firewall mechanisms, but it works just fine.  It also allows 
you to explicitly allow traffic in to your port-forwarded destination without 
allowing it to the host itself.

And the private addresses on the WAN require that checkbox to be unchecked.  
I’ve done that to myself as well.

        ED.
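A simplified model of the evaluation order described above, given as an added example that is not part of the original thread and not pfSense's own code. The port forward and rule fields are the ones quoted in this thread; the WAN address and client addresses are constructed, and "Block private networks" is modeled, as an assumption, as an RFC 1918 source check that runs ahead of the pass rule.

```python
import ipaddress

# Constructed values: WAN_ADDR and the client addresses are made up for this
# example; the port forward and rule fields are the ones quoted in the thread.
WAN_ADDR = "192.168.1.2"            # assumption: WAN sits on a private segment
RDR = {"dst": WAN_ADDR, "dport": 22039, "to": "192.168.4.39", "to_port": 22}
ASSOCIATED_RULE = {"dst": "192.168.4.39", "dport": 22}   # auto-created rule
EXPECTED_RULE = {"dst": WAN_ADDR, "dport": 22039}        # what the poster expected
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def translate(pkt):
    """Step 1: apply the port forward (rdr) to an inbound WAN packet."""
    if pkt["dst"] == RDR["dst"] and pkt["dport"] == RDR["dport"]:
        return {**pkt, "dst": RDR["to"], "dport": RDR["to_port"]}
    return pkt


def evaluate(pkt, pass_rule, block_private):
    """Step 2: filter the *translated* packet; anything unmatched is blocked."""
    pkt = translate(pkt)
    src = ipaddress.ip_address(pkt["src"])
    # Modeled assumption: the private-source block is checked before pass rules.
    if block_private and any(src in net for net in RFC1918):
        return "block (private source on WAN)"
    if pkt["dst"] == pass_rule["dst"] and pkt["dport"] == pass_rule["dport"]:
        return "pass to %s:%d" % (pkt["dst"], pkt["dport"])
    return "block (default deny)"


def scenarios():
    public = {"src": "203.0.113.10", "dst": WAN_ADDR, "dport": 22039}
    private = {"src": "192.168.1.50", "dst": WAN_ADDR, "dport": 22039}
    return {
        "associated rule, public client": evaluate(public, ASSOCIATED_RULE, True),
        "expected rule, public client": evaluate(public, EXPECTED_RULE, True),
        "private client, block private on": evaluate(private, ASSOCIATED_RULE, True),
        "private client, block private off": evaluate(private, ASSOCIATED_RULE, False),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name}: {verdict}")
```

The "expected rule" case is blocked because the filter never sees WAN address:22039 once translation has run, which is why the associated rule names 192.168.4.39:22 instead.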



> On 2016, Oct 19, at 3:26 PM, Ezsra McDonald <ezsra.mcdon...@gmail.com> wrote:
> 
> I just figured it out.
> 
> I had “Block Private networks” enabled. Disabling it fixed it. My WAN
> is a private segment.
> 
> On Wed, Oct 19, 2016 at 2:22 PM, Steve Yates <st...@teamits.com> wrote:
> 
>>        I see why you would think that but that's how the rules are set
>> up.  It's to allow the traffic out to 192.168.4.39:22.  In essence the
>> port forward always allows the inbound traffic and the firewall rule allows
>> it to get out to 192.168.4.39:22.
>> 
>>        Is it not working for you?
>> 
>>        I suppose one could make an argument that a rule referencing a LAN
>> subnet IP should be on the LAN interface?
>> 
>> --
>> 
>> Steve Yates
>> ITS, Inc.
>> 
>> -----Original Message-----
>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Ezsra
>> McDonald
>> Sent: Wednesday, October 19, 2016 1:59 PM
>> To: list@lists.pfsense.org
>> Subject: [pfSense] NAT Associated filter wrong
>> 
>> I am new to pfSense. It is a very nice firewall.
>> 
>> I am running 2.3.2-p1
>> 
>> When I use the Associated filter rule option setting up a port forward, it
>> does not seem to create the firewall filter correctly.
>> 
>> I created the following Port Forward:
>> 
>> Port Forward
>> -------------------------
>> Interface: WAN
>> Protocol: TCP
>> Source: *
>> Source Port: *
>> Dest Address: WAN Address
>> Dest Port: 22039
>> NAT IP: 192.168.4.39
>> NAT Port: 22
>> 
>> 
>> The following firewall filter was automatically created and linked:
>> 
>> Firewall Rule WAN
>> ---------------------------
>> Protocol: IPv4 TCP
>> Source: *
>> Source Port: *
>> Destination: 192.168.4.39
>> Port: 22
>> 
>> 
>> I expected the Firewall filter to be:
>> 
>> Firewall Rule WAN
>> ---------------------------
>> Protocol: IPv4 TCP
>> Source: *
>> Source Port: *
>> Destination: WAN Address
>> Port: 22039
>> 
>> 
>> What am I doing wrong?
>> _______________________________________________
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>> 