
Author Topic: Port forwarding only working to /24 addresses  (Read 1066 times)


Offline NoMiT

Port forwarding only working to /24 addresses
« on: February 23, 2012, 05:22:59 pm »
Hello all, thanks in advance for reading my question.

My pfSense setup is on a /16 subnet (the LAN interface is 192.168.1.1/16) with devices ranging from 192.168.0-255.0-255, and they all can use the gateway fine and access the WAN correctly.

However I simply do not understand what Port forwarding is doing.

If I forward port 7000 from a WAN address to a device on the LAN (192.168.1.232/16 for example) it will not work, UNLESS I change the subnet on the 192.168.1.232 device to /24.

Example addresses of Port forwarding working
192.168.1.232 With a Subnet of 255.255.255.0
192.168.13.180 With a Subnet of 255.255.255.0

Example addresses of Port forwarding not working
192.168.1.232 With a Subnet of 255.255.0.0
192.168.13.180 With a Subnet of 255.255.0.0


I have tried different ports/devices and every time it only works if the LAN device is set to a /24 subnet.

Any ideas?

Offline marcelloc

Re: Port forwarding only working to /24 addresses
« Reply #1 on: February 23, 2012, 05:55:11 pm »
I have nat configured on /22 networks with no issues, can you post a screenshot of your nat rule?

Online cmb

    • Chris Buechler
Re: Port forwarding only working to /24 addresses
« Reply #2 on: February 23, 2012, 07:24:17 pm »
What's the source IP of the host you're port forwarding traffic from? Out on the Internet, or on a private network? My first guess is you're forwarding in from a 192.168.x.x network and hosts with a /16 mask see that as a local network, which means the replies won't go anywhere.
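The reply-path decision described in Reply #2, worked through as an added example that is not part of the original thread. It assumes the port forward rewrites only the destination address, so the server sees the client's real source IP; the server addresses and masks are the ones quoted in the first post, and the two client addresses are constructed for illustration.

```python
import ipaddress

# Server addresses and masks quoted in the thread.
SERVERS = ["192.168.1.232", "192.168.13.180"]
MASKS = ["255.255.0.0", "255.255.255.0"]
# Constructed client sources: one private 192.168.x.x host reaching the WAN
# side, and one public address from the TEST-NET-3 documentation range.
CLIENTS = ["192.168.50.10", "203.0.113.25"]


def reply_next_hop(server_ip, mask, client_ip):
    """Return where the server sends its reply to client_ip.

    A host treats every address inside its own subnet as directly
    reachable (it ARPs for it on the LAN) and hands everything else
    to its default gateway.
    """
    local_net = ipaddress.ip_interface(f"{server_ip}/{mask}").network
    if ipaddress.ip_address(client_ip) in local_net:
        return "on-link"
    return "gateway"


def forward_works(server_ip, mask, client_ip):
    """Assumption of this model: the reply must pass back through the
    firewall to match the state entry and have the NAT reversed. A reply
    the server tries to deliver on-link never reaches the firewall."""
    return reply_next_hop(server_ip, mask, client_ip) == "gateway"


def survey():
    """Evaluate every server/mask/client combination."""
    return {
        (s, m, c): forward_works(s, m, c)
        for s in SERVERS
        for m in MASKS
        for c in CLIENTS
    }


if __name__ == "__main__":
    for (server, mask, client), ok in survey().items():
        status = "works" if ok else "reply lost on LAN"
        print(f"{server:15} {mask:15} <- {client:15} {status}")
```

Only the private-source, /16-mask rows fail in this model; a public source address returns through the gateway under either mask.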

Offline NoMiT

Re: Port forwarding only working to /24 addresses
« Reply #3 on: February 24, 2012, 07:27:27 am »
Thank you guys for the replies. I posted 3 images. One of my LAN interface, one of the port forward, and one of the related rule.

I am forwarding the port from the WAN address, which is a public-facing IP on a /5 subnet (it is not a 192 address).

Offline marcelloc

Re: Port forwarding only working to /24 addresses
« Reply #4 on: February 24, 2012, 07:46:12 am »
I did not find errors in your config.
Does your WAN have a valid IP?

Offline NoMiT

Re: Port forwarding only working to /24 addresses
« Reply #5 on: February 24, 2012, 08:06:49 am »
Yes, it has a valid WAN IP, and I can access the internet via internal devices on both /24 and /16 subnets, but the really odd part is that the port forwards work fine if I change the device to a /24.

Right now the websites in question are available and being used (because I switched their internal IP to a /24), but it is really annoying to have to segment parts of our internal network for no logical reason.

Online cmb

Re: Port forwarding only working to /24 addresses
« Reply #6 on: February 24, 2012, 08:23:08 am »
Time to packet capture, start with the LAN on the firewall, filter on the destination host's IP. If you see it leaving there, go to the target server and capture.