I’ve decided I don’t understand pfSense firewall rules like I thought I did.
I have a static WAN IP address that I’ve got a 1:1 NAT to an internal box. When I set up the firewall rules, I did this under the WAN tab for the WAN IP and port I wanted to open. However, attempts to connect failed.
When I look at the logs, the firewall shows the request from the WAN interface directly to the NAT address. Is this common? It feels very strange to create a WAN rule to open up directly to an internal NAT address. I’ve tested this on a port, and it appears to work, but I don’t really understand why this is the case. Why wouldn’t the rule be to the WAN IP, since it’s how the traffic is coming into the firewall?
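
An added illustration, not part of the original post: a minimal Python model of the ordering behind the behaviour described above. pfSense applies inbound NAT translation before it evaluates the WAN-tab rules, so the filter and its log see the internal address. All addresses, names, and the rule structure are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample addresses (documentation ranges), not taken from the post.
WAN_IP = "203.0.113.10"
INTERNAL_IP = "192.168.1.50"
ONE_TO_ONE_NAT = {ip_address(WAN_IP): ip_address(INTERNAL_IP)}  # external -> internal


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:  # hypothetical, simplified "pass" rule on the WAN tab
    dst: str
    dport: int


def translate_inbound(pkt: Packet) -> Packet:
    """Step 1: 1:1 NAT rewrites the destination before any rule is checked."""
    mapped = ONE_TO_ONE_NAT.get(ip_address(pkt.dst))
    if mapped is None:
        return pkt  # no mapping: destination is left untouched
    return Packet(pkt.src, str(mapped), pkt.dport)


def wan_filter(pkt: Packet, rules: list) -> str:
    """Step 2: rules are matched against the translated packet; default deny."""
    for rule in rules:
        if ip_address(rule.dst) == ip_address(pkt.dst) and rule.dport == pkt.dport:
            return "pass"
    return "block"


def inbound_verdict(pkt: Packet, rules: list) -> tuple:
    """Return (destination the filter and log see, verdict)."""
    seen = translate_inbound(pkt)
    return seen.dst, wan_filter(seen, rules)


if __name__ == "__main__":
    pkt = Packet("198.51.100.7", WAN_IP, 443)
    print(inbound_verdict(pkt, [Rule(WAN_IP, 443)]))       # rule written to the WAN IP
    print(inbound_verdict(pkt, [Rule(INTERNAL_IP, 443)]))  # rule written to the internal IP
```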