Firewall weirdness with allow port 443 from Red to green

Im setup fire in a proxmox VM and having some weird issues. When i create a rule, to allow port 443 from Red to green, it shows it as outgoing. When i create the same rule, but reversed ( from Green to Red ) iit shows it as incoming. What is happening? Am i doing something wrong or am i misunderstanding it ?
I know i should be using orange, but this more a test then production.

@eposig , welcome in our community!

To answer your question, we should see the definition page. The result shown doesn’t include the definition process.

I think this is what you are asking for.

This is the interfaces.

None of your rules in the first post match this setting page.

Woops, put up the wrong image :frowning: . This is the correct one.

This is port forward definition, usual direction is red → green.
With your values a rule is defined “all input of with destination port 443 is goes out on red with destination port 443”. This the normal behaviour, so the rule is worthless, IMO.

What port forward do you want to define? Forwarding packets with destination port 443 to, I think.


So, i been trying to make a port forward for 443 to a Lan ip. But, when i make it red to green, it puts it in outgoing and when i do it reverse, it puts it in incoming, which makes it not work.

I didn’t see such things for port forwarding according to - Creating a Port-Forward Rule

1 Like

I use these configurations for port forwarding. I don’t have IPFire in a ProxMox, but I think the concepts are the same.
I can confirm that this rule works for me: remotely I can access the local server
If it doesn’t work, make sure there is not “some other NAT in your network.”


Here is a port 80 example:


Yes, it matches my configuration :+1: :+1: :+1:.

Hello @Eposig, welcome to our community. Understanding and setting up a firewall correctly can be a complex process, especially when starting out. I encourage you to keep asking questions and experimenting with your setup to learn more.

Regarding your query about the firewall showing different statuses (“incoming” and “outgoing”) based on the rules you set up, it is tied to how the firewall interprets the rules based on the source and destination you specified. Whenever you select as “destination” the firewall itself from within the LAN, it will end up in the “Incoming Firewall Access” to single out this particular class of rules from the rest which will be classified simply as “Firewall rules”. Why the developers have chosen to do so, I am not sure.

For the rule involving NAT from LAN to WAN, it is generally unnecessary, and its behavior can be unpredictable. To set up access for a server within your LAN to be reachable from the WAN, you should configure a rule with the following parameters:

  • Source: RED
  • NAT: Destination NAT
  • Destination: LAN IP (for instance,
  • Protocol: The appropriate protocol and service (such as TCP 443)

With this rule in place, your LAN server should be accessible from the WAN without any issues.


If you want, I will make myself available to help you.
For practical firewall rule setting, I am doing quite well :+1:.
For my theoretical explanations no, I refer to Wiki: if I explain, it may be unclear because of machine translations. :wink: :blush:

This is in the perspective of the firewall not the network.
Don’t get caught up in that too much.

Your first rule should be the only one needed.
Red to green or any to green is better for testing.

You need to verify your virtual network interfaces.
Not a Proxmox user.


I thank you all for your kind welcome and help :slight_smile: . I got it working and now the problem is elswhere, but that has nothing to do with Ipfire.