Port forwarding, or port mapping, allows remote computers to connect to a specific computer or service on a private network. This allows you to run a web server, game server or a service of your choosing from behind a router. In a typical network the router has the public IP address, and computers/servers obtain a private IP address from the router that is not addressable from outside the network. When you forward a specific port on your router, you are telling your router where to direct traffic for that port. This utility can verify the success of that process. Please refer to your router's manual or manufacturer for assistance in setting up port forwarding.

Most residential ISPs block ports to combat viruses and spam. The most commonly blocked ports are port 80 and port 25. Port 80 is the default port for HTTP traffic. With blocked port 80 you will need to run your web server on a non-standard port. Port 25 is the default port for sending and receiving mail. ISPs block this port to reduce the amount of spam generated by worms on infected machines within their network.

Understanding how to forward ports and create firewall rules for the WAN interface of your router is important if you wish to access services hosted on your router or a server in your internal network.

Knowing when to use a WAN rule versus a NAT Port Forward rule may be confusing to new users. Generally speaking, WAN rules should be used for any service running directly on your router and NAT port forward rules for any service hosted on a server in your internal network (either virtualized or physical). If you run OpenVPN or WireGuard in OPNsense, you will want a WAN rule. If you have a Plex Media Server or Nextcloud on a server in your network and want to open access to the outside world, you will want a NAT Port Forward rule.

One example of a WAN rule would be to access your WireGuard VPN running on OPNsense. The “Action” should be “Pass” to allow the connection. “WAN” should be already set in the “Interface” dropdown since you are on the WAN interface firewall rule page. WAN rules typically use “WAN address” as the “Destination” since “WAN address” refers to your public IP address (if it is your main router plugged into your modem). When accessing the service on your router remotely, the public facing address is the destination address. That is pretty much it for the WAN rule! (Note that WireGuard requires more configuration than the WAN rule, such as adding the outbound NAT rule, but this example is just for illustration purposes.)

NAT Port Forward Rule

A NAT port forward rule allows you to host a service inside your network such as a web server. Go to the “Firewall > Rules > NAT > Port Forward” page to create a NAT port forward rule. In the example below, assume there is a web server in the DMZ network. As with the WAN rule, the WAN interface will be the default selection for the “Interface” dropdown. The first several options are identical to the WAN rule except the port is HTTPS for the web server. You will notice a couple of options for the “Redirect target IP” and the “Redirect target port”. These are the IP address and port of your internal server.

Important: The only remaining option you need to make sure you set is the “Filter rule association”. Set it to “Add associated rule” if you wish to see the automatically generated WAN rule or to “Pass” if you prefer to see only the NAT port forward rule (you cannot use “Pass” in multi-WAN situations according to the OPNsense documentation). It is very important that you do not have this option set to “None” because the port forward rule will not work properly. If you use “None”, you would have to create a WAN rule manually for the NAT port forward rule to be fully functional.

As you can see, creating a NAT port forward rule is not much more difficult than a WAN rule.
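The effect of the “Filter rule association” setting described on this page can be seen in a small Python model. This is an added example, not OPNsense code or part of the original article; it assumes address translation is applied before the WAN filter rules are evaluated, and it uses constructed addresses (203.0.113.10 as the WAN address, 192.168.50.20 as the DMZ web server) and hypothetical names (`PortForward`, `wan_pass_rules`, `deliver`, `demo`).

```python
# Simplified model of NAT-before-filter evaluation on the WAN interface.
# Added illustration, not OPNsense code; all addresses are constructed.
from dataclasses import dataclass
from typing import Optional, Tuple

Endpoint = Tuple[str, int]                 # (IP address, TCP port)
WAN_ADDR = "203.0.113.10"                  # constructed public address
DMZ_WEB = "192.168.50.20"                  # constructed DMZ web server


@dataclass(frozen=True)
class PortForward:
    match: Endpoint        # destination as seen from the internet
    target: Endpoint       # "Redirect target IP" / "Redirect target port"
    association: str       # "none", "add_associated" or "pass"


def wan_pass_rules(fwd: PortForward, manual: Tuple[Endpoint, ...] = ()) -> list:
    """WAN pass rules in effect: manual rules plus any auto-generated one."""
    rules = list(manual)
    if fwd.association == "add_associated":
        rules.append(fwd.target)   # assumed: rule matches the translated destination
    return rules


def deliver(dst: Endpoint, fwd: PortForward, manual=()) -> Optional[Endpoint]:
    """Return where the packet ends up, or None if the WAN filter drops it."""
    if dst == fwd.match:
        dst = fwd.target           # translation happens before filtering
        if fwd.association == "pass":
            return dst             # the NAT rule itself passes the traffic
    if dst in wan_pass_rules(fwd, manual):
        return dst
    return None                    # no matching pass rule: default deny


def demo() -> dict:
    """Send the same inbound HTTPS packet through each association setting."""
    inbound = (WAN_ADDR, 443)
    out = {}
    for mode in ("none", "add_associated", "pass"):
        fwd = PortForward((WAN_ADDR, 443), (DMZ_WEB, 443), mode)
        out[mode] = deliver(inbound, fwd)
    # "None" plus a hand-written WAN rule for the internal server works again.
    fwd = PortForward((WAN_ADDR, 443), (DMZ_WEB, 443), "none")
    out["none+manual"] = deliver(inbound, fwd, manual=((DMZ_WEB, 443),))
    return out
```

Calling `demo()` returns the delivery result for each setting: only the bare “None” case is dropped, and a port with no forward at all is dropped regardless of the setting.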