@johnpoz Yep! I've got a headache!! But I am understanding a LOT more. Again, thank-you!! You sir are awesome! John

@asiawatcher Just obey my suggestions and it should work.

@kiokoman sorry outbound rules are for all the lan yes so nas itself also

this fixed my issue for anyone else finding there way to this same issue [image: image.png] https://www.reddit.com/r/PleX/comments/77b151/can_access_server_via_browser_but_not_apps/

@AkkerKid-0 pfSense applies only one single filter rule on incoming packets. But there is a strict order and the first which matches gets applied. See Rule Processing Order for details.

hi @johnpoz so i ended up rebooting and started to work, very odd cant seem to find out the issue

@dmayle Self-replying here. It looks like I should be using a VIP (Virtual IP Address) of type "Other": Other type VIPs define additional IP addresses for use when ARP replies for the IP address are not required. The only function of adding an Other type VIP is making that address available in the NAT configuration drop-down selectors. This is convenient when the firewall has a public IP block routed to its WAN IP address, IP Alias, or a CARP VIP.

@SteveITS Correct, but this is in relation to NAT reflection, so the IP is being accessed externally. I just didn't understand this setting until now. All it's doing is NATing the source IP to the routers IP on that interface, this way if the client tries to connect to the web server's public IP, but the web server is on the same subnet as the client, the web server itself sees the connection coming from the routers default gateway IP, this way it responds back to the router instead of trying to direct connect to the client (since they're on the same layer 2), so that the NAT reflection can NAT things back like it should. I was trying to figure out why NOT having this setting enabled under Advanced > Firewall & NAT was still working, but that was simply because the NATing of the source was not necessary since the web server is on it's own subnet, so the web server is going to reply to the default gateway on it's subnet regardless. As for split DNS that is exactly what I would normally do, but this is a bit more complex of an environment, but NAT reflection works perfectly in the meantime, I was just trying to be sure I fully understood the settings I was looking at. All makes sense now though! Appreciate the replies here.

Hi Derelict! I am in the exact same situation as NekoSema and tried to solve it the same way, before stumbling upon this thread. I already did what you said, except for: "X.X.28.3 needs to know to route traffic for X.X.96.0/24 back to pfSense. (Guessing on the subnet since it was unspecified.)" I don't know how to accomplish that. I thought it might be a static route, but I don't know how to define it. I know this thread is old, but it is the exact description of the situation that I am facing.

@eiger3970-0 said in I port forwarded, but why is port still closed?: run VM OPNsense I think your lost.. vm router pfSense 23.1.11_1-amd64 There is no such version of "pfsense" - again your on the wrong forums.. Ask over on the software your using forums. But common issues with port forwarding, is the port never actually gets to your edge, sniff on your wan to validate traffic is actually getting to your router that is going to forward traffic. Where your forwarding has its own firewall, that is not allowing the traffic, your using the wrong port, or the port your app is listening on is different than you think, or its not even running. Or you device your forwarding to isn't using the device your forwarding from as its gateway.

That is an odd place for it to throw an error. It suggests it had a problem writing that file out. Gut feeling says it may be hardware (e.g. disk/ssd) but it could just be the filesystem if it's UFS. Running a filesystem check a few times might help. If the disk is using ZFS then it's more likely to be hardware.

@Octopuss Ha, problem identified: ESET Smart Security's firewall. I have no idea what it does, but it blocks this. I forgot the software had actual firewall in it. Now I have to dig into the settings, bleh.

@viragomann Thanks, that's got this working now

@cysec So obviously the Windows machine is not able to resolve host names. As you've did the network settings on the vm manually, you need also to configure a DNS server to be used. By default pfSense provides the DNS resolver, so you can set the pfSense interface IP as DNS on Windows.

@viragomann , thank you. It was indeed a floating firewall rule that was causing the problem. After disabling it, all is working as expected again.

@viragomann Cool! Thanks for the suggestion.