Router Reports being Firewalled after Port Forwarded

speakerblind
Posts: 2
Joined: 19 Jul 2019 00:27

Router Reports being Firewalled after Port Forwarded

Post by speakerblind »

I have a pfSense gateway in front of an i2p router, and I set my gateway to forward both udp and tcp to my i2p router port.

i2p is still showing that it's firewalled, and network sharing sits at 0.00 but is able to make and occasionally receive connections. It probably receives the few connections it gets through an introducer.

Is there anything I might be forgetting, or could do to make the router perform better?
jogger
Posts: 45
Joined: 19 Feb 2018 09:00

Re: Router Reports being Firewalled after Port Forwarded

Post by jogger »

For IPv6 it should be sufficient to just let the router port through using a firewall rule. For SSU you will want to disable privacy extensions on your machine, making sure the outgoing address is the same one the router advertises.

For IPv4 the port forwarding feature on most routers (not sure about pfSense, please check) does (should do) three things in one setting, that I prefer to do individually:
  • create a firewall rule to open the port for inbound UDP and TCP
  • forward ingoing TCP and UDP to your machine (destination NAT)
  • add a masquerading source NAT rule that forwards traffic from your router port to the WAN connection. This is the tricky one, as your firewall may choose an inappropriate outgoing port. Then it only helps to set the outgoing port address if possible.
To give an idea, my router uses the following commands:

name WAN_IN {
    default-action drop
    description "WAN to internal"
    rule 10 {
        action accept
        description "Allow established/related"
        state {
            established enable
            related enable
        }
    }
    rule 20 {
        action drop
        description "Drop invalid state"
        state {
            invalid enable
        }
    }
    rule 21 {
        action accept
        description i2p
        destination {
            port 12345
        }
        log disable
        protocol tcp_udp
    }
}

nat {
    rule 1 {
        destination {
            port 12345
        }
        inbound-interface pppoe0
        inside-address {
            address 192.168.0.123
            port 12345
        }
        log disable
        protocol tcp_udp
        type destination
    }
    rule 5010 {
        description "masquerade for WAN"
        log disable
        outbound-interface pppoe0
        outside-address {
            port 12345
        }
        protocol tcp_udp
        source {
            port 12345
        }
        type masquerade
    }
}