subscribe to our Youtube


14455 questions

17168 answers


0 members

We are migrating to our new platform at Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
1,049 views 1 comments
by anonymous
Hi all!

The setup is next: RUTX14 with dual sim (main sim with static public IP and the second one is a fallback with sim switching configured on RUTX) as a WAN uplink for the pfSense box doing all firewall/NAT/DHCP stuff for the network.

Now the public IP is set for the WAN interface of RUTX14, the network between RUTX and PfSense is 172.16.2.x and the main LAN is 192.168.40.x

The question is - what is the best way to forward public IP and all the incoming traffic to pfSense BOX to let it portforward? If I set RUTX to either passthrough or bridge mode - will the sim switch feature still work?

I have the same setup on another location, but with RUT950 - and it has DMZ option which is also OK - yes, it needs a little more work to forward ports - but it works, sim switching works too and even I can setup access to both RUT and pfSense webmins from the Internet. But it looks like the RUTX14 is missing DMZ option and the solution to create a port forward rule without exactly selected ports is not working too - it says port must be entered!

1 Answer

0 votes
by anonymous


You should go with port - forwarding.

Bridge/Passthrough modes disable most of the router's functionality and SIM switch will not work.

The DMZ option may not be visible to you simply because your devices use different firmware versions and your RUT950 has a legacy design WebUI while RUTX14 has an updated interface. 

In order to configure DMZ in your RUTX14, you need to simply cerate a firewall rule, which forwards all external traffic to your pfsense device. To do so:

  • Navigate to Network -> Firewall -> Port forwards section in the RUTX14 WebUI.
  • Set any name.
  • Protocol: TCP+UDP.
  • Source zone: wan.
  • Source port: leave empty (equivalent of any port).
  • Internal zone: lan.
  • Internal IP address: your pfsense's IP.
  • Internal port: leave empty.
  • Save and apply.

Best regards,


by anonymous
Looks like it worked. When I first tried to do this way it stopped me with "Source port can't be empty" - but after setting it to 1 and removing in the next step the rule was created and it works. Thank you.

And yes, the 950 is an old boy from G1 family and it's on the last legacy firmware.