Configuring a pfSense Firewall

This guide explains how to configure a pfSense firewall to allow Reemo to use an optimal connection (direct/udp) and avoid unnecessary fallback to relays.
A proper configuration significantly reduces latency and improves the audio/video quality of sessions.
Without this configuration, Reemo can still work, but connections will fall back to relays (relay/tcp, relay/udp, websocket) with reduced performance.
Before you begin, make sure your pfSense firewall is properly installed and accessible via its web administration interface.
Then log in to the interface with your administrator credentials.

Note

This configuration is provided as an example.
Screens may vary depending on your pfSense version.

Step 1: Access the NAT configuration

Go to Firewall > NAT > Outbound:

pfSense menu

pfSense menu.

Select the Hybrid Outbound NAT mode:

pfSense NAT configuration

pfSense NAT configuration.

Step 2: Create a NAT rule for Reemo

Add a Mapping Rule:

pfSense Mapping menu

pfSense Mapping menu.

Configure the rule as follows:

  • Disabled: unchecked

  • Do not NAT: unchecked

  • Interface: WAN

  • Address Family: IPv4+IPv6

  • Protocol: UDP

  • Source: Network192.168.1.0/24 (adjust to your local network), Ports: 58200–58400

  • Destination: Any

  • Translation > Port or Range > Static Port: checked (important to preserve the source port)

pfSense NAT rules

pfSense NAT rules.

Summary: Ports and addresses to open

For quick reference, here is a summary table of the flows required for Reemo to work properly in direct/udp mode:

Usage

Protocol

Ports

Destination

Signal server

TCP/UDP

443

signal.reemo.io

TURN servers

TCP/UDP

443

turn1.reemo.io, turn2.reemo.io

Reemo Protocol In

UDP

58200–58400

Browser (client device)

Reemo Protocol Out

UDP

1024–65535 (src 58200–58400)

Remote computer (Reemo Agent)