Netgate Discussion Forum
    unable to get firewall to route traffic

    52 Posts 5 Posters 4.2k Views
    • zari90 @Bob.Dig

      @Bob-Dig (screenshot)
      Don't know much about pfSense, correct; what I know is dangerous and I really need help. Hoping this diagram helps: the nodes are ports that I need open to pass network traffic through to the Pi application sitting on Windows 10, which is port 31400, 31401, etc. Watched a lot of YouTube, but everything I watch doesn't really help.

      • Gertjan @zari90

        @zari90

        Applying the "Keep It Simple" rules:

        This:
        (screenshot)

        can be replaced by a straight cable.

        This:

        (screenshot)

        Your TrueNAS is a 4-port switch also?

        Here:

        (screenshot)

        A Windows PC with dual NICs?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • zari90 @Gertjan

          @Gertjan No, it's a dual-NIC server and the pi-nodes are single NIC; just trying to get the 2 applications to point to the external WAN IP in the simplest way possible.

          • Gertjan @zari90

            @zari90 said in unable to get firewall to route traffic:

            get the 2 applications to point to the external wan IP in the simplest way possible

            Applications on devices on the LAN that need to use the WAN IP? => ??? Why?

            @zari90 said in unable to get firewall to route traffic:

            no its dual nic server a

            Who is a dual NIC? The NAS? Is it routing then? Or are the two NICs of the NAS set up so both behave like a switch? Strange ...

            • zari90 @Gertjan

              @Gertjan So I'm trying to point Jellyfin to the WAN so that I can access it externally. The NAS server has dual NICs, not the Windows 10 machines. So when I visit jellyfin.example.com it redirects to the server where the Docker container resides; for the Windows 10 machines I'm just trying to do port forwards with ports 31400, 31401.

              • Bob.Dig LAYER 8 @zari90

                @zari90 Your network diagram isn't that good. Anyways, you have only one LAN on pfSense? And please remove all of the NAT rules (port forwards) other than the first two.
                Show them again and NAT Outbound.

                • zari90 @Bob.Dig

                  @Bob-Dig
                  Apologies for the poor diagram. I have one LAN currently, yes. (screenshot) (screenshot)

                  • Gertjan @zari90

                    @zari90 said in unable to get firewall to route traffic:

                    so i'm trying to point jellyfin to the wan

                    Ah, ok, yeah, get it, but that's pretty broken behavior.
                    WAN reflection is .... burk.
                    It's like calling your own phone number and wondering why the guy doesn't answer ... something like that.

                    The clean and better way to do things:
                    Use the LAN IP.
                    You want to use host names? That's ok.

                    Go here and note down the domain name, or ask the admin:

                    (screenshot)

                    With this knowledge, create a host override here:

                    (screenshot)

                    and from now on you can use

                    a_yellifin.your-pfsense-domain-name.tld

                    from everywhere on your local networks instead of the IPv4.

                    Edit:
                    and oh sh#t again:
                    This:

                    (screenshot)

                    means your laptop (no network given!) is not on the LAN? Another pfSense LAN?

                    • Bob.Dig LAYER 8 @zari90

                      @zari90 Good. You can't redirect DNS over TLS (DoT) so this can be removed too.

                      You haven't shown your LAN rules, right? It is probably a mess too. Reset the LAN rules to the two default allow-any rules. And then we go step by step: you start with an easy task you decide and we will guide you. ;)

                      • zari90 @Gertjan

                        @Gertjan
                        pfSense is already in DNS Resolver, as well as the other IPs. It works internally, just not externally, so it's like someone calls example.com but gets voicemail. The laptop is on DHCP on the same network. (screenshot)

                        • zari90 @Bob.Dig

                          @Bob-Dig
                          These are the current LAN rules:
                          (screenshot)

                          • Bob.Dig LAYER 8 @zari90

                            @zari90 You can re-add the "LAN subnets" to the IPv4 allow rule and remove the NAT rule for DoT. You said you only have one LAN, but I do see VLANs. Also, in your "diagram" there were no other LANs shown...

                            • zari90 @Bob.Dig

                              @Bob-Dig
                              We can start wherever. I would, however, like to get the port forward working; can't find how to do that anywhere, YouTube etc... so port 31400, 31401.

                              (screenshot) (screenshot)

                              • zari90 @Bob.Dig

                                @Bob-Dig
                                The VLANs are just here but not in use yet; no traffic passing through on them yet.

                                • zari90 @zari90

                                  @zari90 (screenshot) (screenshot)

                                  • Bob.Dig LAYER 8 @zari90

                                    @zari90 said in unable to get firewall to route traffic:

                                    so port 31400, 31401

                                    Then create the NAT rule and show and explain it. Also, we assume that your ISP allows unsolicited incoming connections; many don't these days. If you have a new ISP, you could be out of luck.

                                    • zari90 @Bob.Dig

                                      @Bob-Dig
                                      Tested, but the port is not open, and I don't think my ISP blocks anything. I have a D-Link router that I replaced with this Netgate and everything works fine, just not very secure.
                                      (screenshot) (screenshot)

                                      • MoonKnight @zari90

                                        @zari90

                                        LAN address should be your server IP (pi-node IP).

                                        (screenshot)

                                        --- 24.11 ---
                                        Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz
                                        Kingston DDR4 2666MHz 16GB ECC
                                        2 x HyperX Fury SSD 120GB (ZFS-mirror)
                                        2 x Intel i210 (ports)
                                        4 x Intel i350 (ports)

                                        • Bob.Dig LAYER 8 @zari90

                                          @zari90 Whatever a pi-node is, it is not running on your pfSense LAN-address. If it is running on your Windows-machine, use the IP-address of that machine instead.
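                                          What the two forwards discussed in this thread look like in pf terms, as an added example that is neither from this thread nor from pfSense's own generated ruleset; the WAN interface igb0, the LAN address 192.168.1.1 and the Windows 10 host address 192.168.1.50 are assumed, constructed values:

```pf
# Constructed example (not pfSense's generated /tmp/rules.debug): the
# pf form of the port forwards for 31400 and 31401 from this thread.
# Assumed: WAN interface igb0, LAN 192.168.1.0/24, pfSense LAN address
# 192.168.1.1, Windows 10 machine running the pi-node at 192.168.1.50.

# WRONG (the rule shown in the screenshots): the target is the pfSense
# LAN address. Inbound packets are redirected to the firewall itself,
# which listens on neither port, so an external port test reports
# "closed" even though the forward exists.
# rdr on igb0 inet proto tcp from any to (igb0) port 31400 -> 192.168.1.1 port 31400
# rdr on igb0 inet proto tcp from any to (igb0) port 31401 -> 192.168.1.1 port 31401

# CORRECT: the target is the host that actually runs the application.
# That host needs a fixed address (static IP or a static DHCP mapping),
# otherwise the forward silently breaks on the next different lease.
rdr on igb0 inet proto tcp from any to (igb0) port 31400 -> 192.168.1.50 port 31400
rdr on igb0 inet proto tcp from any to (igb0) port 31401 -> 192.168.1.50 port 31401

# The redirect alone does not pass traffic: a WAN filter rule must allow
# the already-translated packets in. pfSense creates this automatically
# when the port forward's filter rule association is left at its default.
pass in quick on igb0 inet proto tcp from any to 192.168.1.50 port { 31400 31401 } flags S/SA keep state
```

                                          Editing the generated rules by hand is not persistent on pfSense; the point is to read them (Diagnostics > Command Prompt, `cat /tmp/rules.debug`) and confirm the rdr target is the Windows host, not the firewall's own address.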

                                            • zari90 @Bob.Dig

                                              @Bob-Dig

                                              It's on DHCP though, so the Windows 10 machine will pick up a new IP when it restarts. I've changed it now to a static IP. (screenshot) (screenshot) Not working either.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.