44158 Port forward doesn't seem to work
-
I have port forwards working for bittorrent and they work, but for some reason I am trying to port forward 44158 and the test port fails. I tried from both the WAN and VPN interfaces.
My Config:
NAT - Port Forward
Interface: WAN
Protocol: any
Source Address: *
Source Port: *
Destination Address: WAN Address
Destination Port: 44158
NAT IP: device
NAT Port: 44158
Rule Created
NAT Outbound Hybrid
Interface: WAN
Source: deviceip/32
Source Port: *
Destination: *
Destination Port: 44158
NAT Address: WAN
NAT Port: *
Static Port: Static
Interface: WAN
Source: localip/24
Source Port: *
Destination: *
Destination Port: *
NAT Address: WAN
NAT Port: *
Static Port: Random
Interface: WAN
Source: localip/24
Source Port: *
Destination: *
Destination Port: 500
NAT Address: WAN
NAT Port: *
Static Port: Static
Rules
Interface: WAN
Protocol: TCP Ipv4
Source: *
Source Port: *
Destination: deviceip
Destination Port: 44158
Gateway: *
-
@gwaitsi said in 44158 Port forward doesn't seem to work:
and the test port fails.
Test port as in the test port function under diagnostic menu? That wouldn't be a valid way to test a port forward. But would or should tell you if the device is listening on that port - but it's not a valid test for a UDP port..
If that is failing for TCP, then either the device is not listening on that tcp port. Or pfsense can not talk to that device at all, or the device is running a firewall that is blocking that port.
That test should work for tcp test, be it your port forwarding it or not.
-
@johnpoz John, the modem connected to the ISP has a POE connection with vlan then passes to LAN which I connect to. On the dashboard, I see the lan address of the modem as my wan address. Are my rules/config correct in theory? I think they are right?
-
@gwaitsi Hard to tell without seeing the full rule set on your interfaces.. You might have created the wan rule to allow the traffic fine - but it's below something that blocks it, or maybe you have a floating rule that blocks it.
Do you really need a static outbound nat for this port?
But all of that doesn't really matter if your test port doesn't pass - which means pfsense can not actually talk to the device on that port and get an answer.. So again it's not listening, it has a host firewall..
If you test the tcp port to the device (using the pfsense IP in that network) as the source and you get no answer.. it's for sure never going to work.
-
@johnpoz so, I switched to the secondary wan where the wan ip is actually on the pfsense box (cable modem) and the port now shows as open using portcheckers.com and the wan2 address.
The hnt device switched from symmetric to none. So I guess it is working and I have to wait for the device to show the port as being opened.
Any ideas why wan1 router could be interfering? Should I use the wan1 router (fritzbox) wan ip address instead of the pfsense wan1 (fritzbox lan) in the nat forwarding?
-
@gwaitsi said in 44158 Port forward doesn't seem to work:
ideas why wan1 router could be interfering? Should I use the wan1 router (fritzbox) wan ip address instead of the pfsense wan1 (fritzbox lan) in the nat forwarding?
You have not provided enough info about your setup.
And none of that would have anything to do with the test port under diagnostic working or not working.. Since that would be pfsense talking directly to whatever device behind pfsense you're wanting to talk to..
If set to auto use interface for the test, it should use the interface connected to the device you're wanting forward to network.. Even if used one of its other interfaces' IP, it should have used the routing table to figure out where to get to where you're forwarding, and just used that interface's IP as the source.
As to switch to secondary wan? For a port to be forwarded, pfsense needs to see the traffic hit the interface you set up the forward on.. How your overall network is set up - have no idea, or what you might have in front of pfsense that could limit something from the internet talking to a pfsense wan IP so it could forward traffic.
All of which has little to do with the testing port feature.. Which would just be pfsense sending a syn to whatever port, and if it got back a syn,ack.
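The TCP check described in the post above (a SYN goes out and either a SYN,ACK comes back or it does not), as an added Python example that is not part of the original thread; the function names, the result labels and the loopback sockets used as sample targets are constructed for illustration.

```python
import errno
import socket


def tcp_port_state(host, port, timeout=2.0, source_ip=None):
    """Make one TCP connect attempt and classify the result.

    "open"        -> SYN,ACK came back: something is listening.
    "closed"      -> RST came back: host reachable, nothing listening.
    "no-answer"   -> nothing came back in time: a host firewall is dropping
                     the SYN, or the host cannot be reached at all.
    "unreachable" -> the local stack has no route or got an ICMP unreachable.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        if source_ip:
            # Test from a chosen local address, e.g. the firewall's own
            # address in the device's network.
            s.bind((source_ip, 0))
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "no-answer"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()


def demo_on_loopback():
    """Constructed targets: one listening socket and one bound-only socket."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))  # holds the port but never calls listen()
    try:
        return (tcp_port_state("127.0.0.1", listener.getsockname()[1]),
                tcp_port_state("127.0.0.1", idle.getsockname()[1]))
    finally:
        listener.close()
        idle.close()


if __name__ == "__main__":
    print(demo_on_loopback())
```

Like the pfSense test it only speaks TCP, so it says nothing about a UDP listener on the same port.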
-
@johnpoz said in 44158 Port forward doesn't seem to work:
As to switch to secondary wan? For a port to be forwarded, pfsense needs to see the traffic hit the interface you set up the forward on.. How your overall network is set up - have no idea, or what you might have in front of pfsense that could limit something from the internet talking to a pfsense wan IP so it could forward traffic.
Of course I made the NAT forward/outgoing and rules per the above but using the wan2 interface in place of wan one. The rules must be good, because when I switched, the device immediately went from symmetric nat to none.
wan2 connects to a cable modem so received the ip from the isp on the pfsense interface. That is the address I see on the hnt public ip address.
wan1 has a fritzbox connected via eth to a fibre converter. the ISP provides a pppoe connection with a vlan. (tried a direct connection using pppoe with j1900 but performance was terrible) The lan side of the fritzbox has a 192.168.x.x connection and the pfsense wan1 plugs to that. the hnt device public ip is the isp address on the fritzbox fibre converter side.