PortForward Not woking no matter what i do
-
@dark_prophet said in PortForward Not woking no matter what i do:
The device been used is my own computer.
Which I take it working for internet - but is it actually routing through pfsense? If you see pfsense send on the traffic via a sniff, then you know its something with the device, no service listening on that port, firewall, or not using pfsense as its gateway.
But there is nothing pfsense can do if it sends on the traffic it sees via the forward and never gets an answer.. Not sure what scanning service your using.. Is that actually from the internet? I normally recommend just can you see me .org for sending traffic from the internet to test a port forward.
If your scanning locally to your public IP hoping to get reflected back in - that is not a good test of port forwarding, and you need to have setup nat reflection. To test a port forward, you need to send traffic from the outside.. which can you see me makes real easy to do on any tcp port.
-
that's what im doing trying to test it from outside my network with my cellphone from
ipfingerprints.com
-
this is what i get on capture packet when i try to ping from outside my network from 2 sites
https://www.ipfingerprints.com
https://canyouseeme.org/
00:15:03.088123 IP 5.79.75.134.58554 > 72.47.134..: UDP, length 21
00:15:04.088941 IP 5.79.75.134.58555 > 72.47.134..: UDP, length 21
00:15:05.125488 IP 5.79.75.134.41022 > 72.47.134..: tcp 0
00:15:06.126803 IP 5.79.75.134.43608 > 72.47.134..: tcp 0
00:15:07.673939 IP 52.202.215.126.53411 > 72.47.134..: tcp 0
00:15:08.670759 IP 52.202.215.126.53411 > 72.47.134..: tcp 0
00:15:10.674765 IP 52.202.215.126.53411 > 72.47.134..***: tcp 0 -
@dark_prophet ok that is good, that shows it hit your pfsense public IP, now sniff on your lan side interface when you do the same test.. Do you see pfsense send on the traffic to your devices IP? If so then your device didn't answer for whatever reason - but pfsense did what you told it too.
edit: Example I just forwarded 2302 to a box on my network.. He is not listening on that port, but I can still forward traffic to him.. See while sniffing on the lan side interface you can see pfsense sent the traffic on.. In my case the box at 3.32 sent back a RST saying hey not talking to you on port 2302 go away..
But not all OSes will send back a rst if nothing listening, maybe device firewall just dropped the traffic, or maybe the device sent the reply to some other IP other than pfsense.
But you can see from the sniff that pfsense did what I told it too and forwarded traffic hitting its wan on port 2302 to the device at 192.168.3.32
-
Not sure if i have wireshark set up right but im not seeing any traffic when i scanned my network on that specific port
-
@dark_prophet use the packet capture on pfsense.. Under diagnostic menu.
-
I did same test on LAN and has no output what so ever. can i see your rules on your port 2302 rule
-
@dark_prophet I posted them...
you sure that IP is correct.. if pfsense can not talk to that IP, then it can not send on the traffic - since it doesn't know the mac address of it.
I posted the portforward and the rule that it generates on my wan..
The rules on your wan are evaluated top down, if you have some rule that blocks before your allow then no it would never work, if you have some rule on floating that would block, again it wouldn't work.
-
ok i think you got it that could be the problem LAN interface is not getting anything
i ping my Plex server on 32400 port on WAN and LAN and i get an output
but now on 2302. what could be the issue now ? any ideas ?
-
@dark_prophet have no idea you haven't posted your wan rules, nor if you have any rules in your floating. Nor again that pfsense can even talk to this IP you want to send 2302 too..
Can pfsense ping this IP your trying to forward too, does it show mac address?
If pfsense does not have the mac address of where to send traffic for this IP - then no it can not send it, even if your port forward and wan rules would allow it.
You have different IPs in your plex forward vs this 2302 forward, one is to a .99 the other is to a .98 is that a typo? And your trying to send 2302 to your plex box as well?
-
-
-
@dark_prophet what advanced thing did you do on that 2302 rule - see the gear on it.. Also I see no hits on that rule.. see the 0/0 B in the states - if you had sent traffic from the outside that rule matched on it would be something other than 0/0 like see your plex rule above it.
-
there it shows MasterPC
-
@dark_prophet all good info.. But what is that Gear Settings on that rule - means you did some sort of advanced filter on it.. Also it shows 0/0 hits on it - do you have something in floating rules that would prevent traffic from ever hitting the interface (wan) rule..
Also that shows its on a vlan, not your lan - if you sniffed on lan you wouldn't see traffic going to it..
-
that's the sloppy state that i was trying to make it work lol
i did have something on flotting rules but i deleted everything and started from scratch -
problem LAN interface is not getting anything
Did you do the packet capture on the correct interface - your lan would never see anything because from your arp table that IP is on your main_vlan interface.
-
When i capture in MAIN_VLAN not output
when i capture on WAN i see trafficmy Plex server is on the same interface and i see output on all interfaces
-
@dark_prophet well that doesn't make a lot of sense.. Are you showing that wan rule trigger when you send traffic - or is it still at 0/0
-
thats why im scratching my head here lol
still showing 0/0 on everythingi wonder if the Main_vlan might be conflicting with something else.
