Usually, the Destination port range and Redirect target port are the same, but there are some cases where we might want to redirect incoming traffic to a different port. For example, we might want to run a web server for our own personal use. For example, we might be running the web front end for MythTV (a Linux-based open source PVR application), and we may want to access it from the internet.

There is a good chance that our ISP blocks port 80 and port 443 traffic (the default ports for HTTP and HTTPS respectively); therefore, if we want to run a web server on our home connection, we would have to use a different port:

1. Navigate to Firewall | NAT. Again, we don’t have to click on Port Forward, since it is the default tab. Click on one of the Add buttons.
2. For Protocol, keep the default of TCP. Destination port range should be set to a single port. Any unused, unblocked port will do; the higher the port number, the better, as these ports are less likely to be used. Set Redirect target IP to the IP address of the computer on which the web server is running, and set Redirect target port to 80. (We could instead reconfigure the web server to accept traffic on the port set in Destination port range, but redirecting the port is easier.) All other settings can be kept at their default values.
3. Enter an appropriate description (such as Port forwarding for web server) and click on the Save button. On the Port Forwarding page, click on Apply Changes.

Now, you should be able to access your web server from the internet by typing in the IP address of your WAN connection + a colon + the port you set as the Destination port range. If you set up Dynamic DNS per the instructions in Chapter 2, Advanced pfSense Configuration, you could use the domain name for your WAN address rather than the WAN IP address.