ANSWERED pfsense port forwarding not working

[3kjh3bkjefg 0]

I'm new into AirVPN but I want to use the service for port forwarding but I can't get it to work.

The issue is that it looks like the traffic is coming to my pfsense firewall and the traffic is forwarded to the server. The server is responding but my pfsense can't find a route back.

I configured my pfsense firewall with an OpenVPN connection to one of the servers. This VPN connection is working fine. When I try to route outbound traffic over the AirVPN it is working fine. So the basic VPN configuration can be marked as working in my opinion.

I configured a port in AirVPN client area. Then I configured a NAT rule in my pfsense firewall and as you can see it is not working. When I change the NAT rule to my WAN interface I can access the port over my internet connection. THe NAT rule is working on my internet connection but not on the AirVPN interface.

I also added the packet capture where you can see the traffic is incoming on the airvpn interface and routed to my server. I also added an attachment of my LAN interface and you see the traffic is incoming and then send back on my LAN interface but my pfsense can't handle the packet.

I hope I made my configuration clear. I looked into the NAT reflection options but none looks to be working in my setup.

[go558a83nk 362]

You only need the first port forward rule, for your AirVPN interface, assuming that's the interface/gateway that the transmission device is allowed to use in policy routing.  So, delete the one you made for your WAN.  The only mistake I see is setting filter rule association to pass.  You need to set that to "create new associated filter rule" and save.  That'll create the necessary firewall rule.  Of course, make sure transmission is listening at 192.168.3.102:19151 when you test to see if the port is open.

[3kjh3bkjefg 0]

Thanks for the reply.

I know I only need the port forward for my VPN interface and not for my WAN. I only added this as an example so you can see my port forwarding rules on my WAN are functioning. I deleted the WAN port forward.

The filter rule association is a possible usage but it is also possible to use the pass option. Both are working. If you use "create new associated filter rule" then it will automatically create a firewall rule. If you use the pass option it will forward the traffic also if there is no firewall rule in place.

I followed your example in the attachment. I created the firewall rule from the NAT rule.

[go558a83nk 362]

So is it working?  The other thing that often breaks port forwarding on pfsense is if there are any rules in the openvpn or wireguard "group" firewall rules since those group rules override individual interface rules.

[3kjh3bkjefg 0]

It was not working but because of your reply it is working now. Thanks for the solution. I was looking for a solution for hours.

It is solved by removing the any rules under the openvpn interface.