 So I'll do a quick video here on port forwardings. It just comes up a lot. Now I have a more advanced video if you have dual WAN and multiple interfaces, how to do it there. But this is just the basics that a lot of people ask for, just how to do port forwarding in PF Sense. So we're going to go over here. We're running the latest version of PF Sense 2.4.3 release P1. Services, whoops, I'm sorry, firewall, NAT, add. So by default, the interface is going to be WAN, the protocol TCP. We can change it if you have a TCP, UDP, or a combination. You can do it both. We're just going to leave it at TCP because we're going to forward SSH because I have a Linux server on the other side. So SSH is port 22. Now a couple options here. We can just choose SSH. They have a lot of them in the list here. So you can choose the protocol or we can just type it in. I'm always a fan of typing it in. My Linux box is 192.168.40.50 that is on the other side of the firewall and port 22. Description, allow SSH to my Linux box and use system default, NAT Reflection. I've talked about this in our videos. NAT Reflection, if you don't know what it is, it's so if you're inside your network and you try to hit the external IP and PF Sense is smart enough to realize you're in there, it reflects you back to the local IP with the rule. Filter rule associated by default, PF Sense does this. Now most commercial firewalls, it's a two step process or it's a combined process here in PF Sense. There's two pieces. You have the NAT translation, which means take port 22 and land it from the external IP address to the internal IP address of 192.168.40.50. Then the firewall itself needs a rule to allow port 22 traffic to pass. And this is actually a convenient way to do it in my opinion. And the reason why is because now we have this, which you can follow through WAN, TCP, source address, any source ports, WAN address, destination 22, NAT IP. So you kind of flow through, see how things are going. Go here to firewall rules and then we have the same thing. Here is the rule that opened it up, which is IPv4, TCP, 192.168.40.50, SSH. And this is a NAT rule. So if we try to edit this rule, because this rule was auto-created, notice how I put the word NAT in front of it. Go ahead and click edit. Some of these things are grayed out and a reason why is because the rule itself is linked. So all the other features still apply. I can still edit the advanced features and things like that, but because it's linked, these parts are grayed out. So we're gonna go over here to firewall, we're gonna NAT, we're gonna look at the rule we created. And right here is where you can view the filter rule, which is really nice, especially when you get a firewall filled with rules, you can look at the NAT and go, okay, I have this part set up the way I want and we can also go and view the filter rule, which is on this side here. Now, a couple quick notes. The external IP address is 172.169.40.146, that because this is my lab and I'll show you that it works now. So my IP address is 192.168.3.9 and we're just gonna SSH in to the 172.1646 and I'm on this machine. See the IP address of this one, 192.168.40.50, just like we did. So we're currently connected, I'll leave top running so there's something going on here and show you real quick with the NAT rule. So here's that rule and I wanted to mention by default, the source is any. We can change the whole source to my IP address to 192.168.39. So we're gonna hit save here, apply. Bring this here over running top, we're gonna exit this up arrow and I'm back into that machine. The 40.50. Now, that's simple enough but what happens if we change it to this? So we wanna change it to an IP address that's not mine so it went from .9 to 3.120, we're gonna hit save, hit apply. So we have now filtered so only source address 192.168.3.120 can come through. Well, this is what happens. I'm still in the machine because by default PF Sense does not kill the state tables that are active. So this is an active state table and I have an active connection but the minute I exit outta here so connection to this close up arrow, I can't get back in because I'm trying to initiate a new state and a firewall said no. So it leaves the current states in there. Now, you can go into and clear the state tables and force those to be cleared. There's options in the advance to force it to do it every time you change a rule but just so you're aware if you're changing rules and you have a bunch of people connected to a machine changing the rule means new connections can't come in but old connections can stay. So just a little bit of side note when you're troubleshooting. Gonna change this back to source any and gonna hit save, apply. And then we go over here. I can get right back into the machine. Like I said, we're right back into the 40.50. Now, one side note, when you're troubleshooting this this happens a lot. You have under diagnostic test port and when you're testing the port, port 22, hit test, port connection successful. This can save you lots of headache and some people start with the firewall rules and when it doesn't work they keep staring at the rules thinking there's a problem. When a reality is a machine for one reason or another isn't even accepting connections. So do this first to make sure the machine is accepting connections or before you start really taking apart your firewalls. You may have done the firewalls perfectly fine but you have another problem with the machine not accepting connections. So definitely dig into that first. That's a pro tip here that is sometimes people don't think to go there but maybe I have played with rules a couple of times for a bit longer than I should have trying to sort that out. And yeah, just go here, test it. If PF Sense can see it and a port's open then start working on the rules inside of there. Thanks for watching. If you liked this video, go ahead and click the thumbs up. Leave us some feedback below to let us know any details what you like and didn't like as well because we love hearing the feedback or if you just wanna say thanks, leave a comment. If you wanted to be notified of new videos as they come out, go ahead and hit the subscribe and the bell icon that lets YouTube know that you're interested in notifications. Hopefully they send them as we've learned with YouTube. Anyways, if you wanna contract us for consulting services you go ahead and hit launch systems.com and you can reach out to us for all the projects that we can do and help you. We work with a lot of small businesses, IT companies, even some large companies and you can farm different workout to us or just hire us as a consultant to help design your network. Also, if you wanna help the channel in other ways we have a Patreon, we have affiliate links. You'll find them in the description. You'll also find recommendations to other affiliate links and things you can sign up for on launch systems.com. Once again, thanks for watching and I'll see you in the next video.