unable to get firewall to route traffic
-
@Bob-Dig
Apologies for the poor diagram. I have one LAN currently, yes.
-
@zari90 said in unable to get firewall to route traffic:
so i'm trying to point jellyfin to the wan
Ah, ok, yeah, get it, but that's pretty broken behavior.
WAN reflection is .... burk.
It's like calling your own phone number and wondering why the guy doesn't answer ... something like that.
The clean and better way to do things :
Use the LAN IP.
You want to use host names ? That's ok.
Go here and note down the domain name - or ask the admin :
With this knowledge, create a host override here :
and from now on you can use
a_yellifin.your-pfsense-domain-name.tld
from everywhere on your local networks instead of the IPv4.
edit :
and oh sh#t again :
This :
means your laptop (no network given !) is not on the LAN ? Another pfSense LAN ?
-
@zari90 Good. You can't redirect DNS over TLS (DoT) so this can be removed too.
You haven't shown your LAN rules, right? It is probably a mess too. Reset the LAN rules to the two default allow any rules. And then we go step by step, you start with an easy task you decide and we will guide you. ;)
-
@Gertjan
pfSense is already in the DNS resolver as well as the other IPs. It works internally, just not externally, so it's like someone calling example.com but getting voicemail. The laptop is on DHCP on the same network.
-
@Bob-Dig
These are the current LAN rules
-
@zari90 You can re-add the "LAN-subnets" to the IPv4 allow rule and remove the NAT rule for DoT. You said you only have one LAN but I do see VLANs. Also in your "diagram" there were no other LANs shown...
-
@Bob-Dig
We can start wherever. I would, however, like to get the port forward working; I can't find how to do that anywhere, YouTube etc... so port 31400, 31401
-
@Bob-Dig
The VLANs are just here but not in use yet, no traffic passing through on that yet.
-
-
@zari90 said in unable to get firewall to route traffic:
so port 31400, 31401
Then create the NAT rule and show and explain it. Also we assume that your ISP allows unsolicited incoming connections, many don't these days. If you have a new ISP, you could be out of luck.
-
@Bob-Dig
Tested, but the port is not open, and I don't think my ISP blocks anything. I have a D-Link router that I replaced with this Netgate and everything works fine, just not very secure.
-
-
@zari90 Whatever a pi-node is, it is not running on your pfSense LAN-address. If it is running on your Windows-machine, use the IP-address of that machine instead.
-
It's on DHCP though, so the Windows 10 machine will pick up a new IP when it restarts. I've changed it now to a static IP.
not working either
-
@zari90 said in unable to get firewall to route traffic:
not working either
Show the WAN rules now, we want to look at the "states".
-
@Bob-Dig
removed rules earlier to start fresh
-
@zari90 If you create a NAT rule, a rule should be placed on WAN for you. So something is not right. Remove the NAT rule and create it again, then look if the WAN rule was created. If not, you are doing something wrong.
-
@zari90
In your NAT rule, make sure you have it like this.
-
No rules means :
nothing can enter WAN.
If you have created a NAT rule (from WAN to LAN), then a WAN firewall rule will be auto-created, so the traffic can actually enter the WAN. It has to enter, so the NAT rule can do its job => sending the traffic to the pfSense LAN network with the good LAN IP.
Check your NAT rule, at the bottom you'll find :
and clicking on the blue "View the filter rule" (which is a pass rule in WAN normally) will show you the firewall rule. The one you've just deleted ....
-
Done, the rule is there now but still not open.