When adding a port forward, a firewall rule must also be added to allow traffic in to the internal IP address designated by the port forward.

The NAT port forward entries for specific ports take precedence over 1:1 NAT Mappings.

We already went through installation, configuration, LAN firewall configuration, and now we`ll configure access from the internet to the services in our network. Create port forwarding on pFSense This LAB will cover scenario of publishing services to the internet – creating WAN firewall rules and NAT (Port Forwarding) for pFSense. When adding a rule, the following fields are available:
New rules can be added by clicking Add in the upper right corner. Clicking the "x" will delete the rule. Forwarding Ports with pfSense¶. Creating a NAT rule in the web GUI. On the upper right hand side click the plus symbol to create a new rule. Log back in to pfSense and navigate to Firewall > NAT > Port forwards We know that existing port forward works correctly so lets duplicate it to the two other VPN interfaces. Here, you will see an overview of port forwarding rules. Forwarding ports in pfSense® software is a fairly simple process. Click the duplicate icon under actions to the right of the VPN_WAN rule to create a duplicate rule. There is an option to automatically add this rule when creating a port forward definition, and it is enabled by default. This way, a 1:1 NAT may be used for a Virtual IP, and then one or more ports may be forwarded to a different internal IP address if desired. In OPNsense, port forwarding can be set up by navigating to Firewall ‣ NAT ‣ Port Forward.

Port Forward and 1:1 NAT Interaction¶. This will open up the NAT rule editor. If you need to edit an existing rule click the "e" next to the rule you want to change. Port forwarding is also referred to as “Destination NAT” or “DNAT”. To set up port forwarding click on NAT from the Firewall menu in pfSense.