    unable to get firewall to route traffic

    52 Posts 5 Posters 4.2k Views
zari90 @Bob.Dig

      @Bob-Dig
These are the current LAN rules:
[screenshot: LAN rules]

Bob.Dig @zari90

@zari90 You can re-add the "LAN subnets" to the IPv4 allow rule and remove the NAT rule for DoT. You said you only have one LAN, but I do see VLANs. Also, in your "diagram" there were no other LANs shown...

zari90 @Bob.Dig

          @Bob-Dig
We can start wherever. I would, however, like to get the port forward working; I can't find how to do that anywhere (YouTube etc.). So ports 31400, 31401.

[screenshots]

zari90 @Bob.Dig

            @Bob-Dig
The VLANs are just there but not in use yet; no traffic is passing through them yet.

zari90

@zari90 [screenshots]

Bob.Dig @zari90

                @zari90 said in unable to get firewall to route traffic:

                so port 31400, 31401

Then create the NAT rule and show and explain it. Also, we assume that your ISP allows unsolicited incoming connections; many don't these days. If you have a new ISP, you could be out of luck.

zari90 @Bob.Dig

                  @Bob-Dig
Tested, but the port is not open, and I don't think my ISP blocks anything. I have a D-Link router that I replaced with this Netgate, and everything works fine, just not very secure.
[screenshots]

MoonKnight @zari90

                    @zari90

LAN address should be your server IP (pi-node IP).

[screenshot: NAT rule]

                    --- 24.11 ---
                    Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz
                    Kingston DDR4 2666MHz 16GB ECC
                    2 x HyperX Fury SSD 120GB (ZFS-mirror)
                    2 x Intel i210 (ports)
                    4 x Intel i350 (ports)

Bob.Dig @zari90

@zari90 Whatever a pi-node is, it is not running on your pfSense LAN address. If it is running on your Windows machine, use the IP address of that machine instead.

zari90 @Bob.Dig

                        @Bob-Dig

It's on DHCP though, so the Windows 10 machine will pick up a new IP when it restarts. I've changed it now to a static IP. [screenshots] Not working either.

Bob.Dig @zari90

                          @zari90 said in unable to get firewall to route traffic:

                          not working either

                          Show the WAN rules now, we want to look at the "states".

zari90 @Bob.Dig

                            @Bob-Dig
[screenshot: WAN rules] Removed rules earlier to start fresh.

Bob.Dig @zari90

@zari90 If you create a NAT rule, a rule should be placed on WAN for you. So something is not right. Remove the NAT rule and create it again, then check whether the WAN rule was created. If not, you are doing something wrong.

MoonKnight @zari90

                                @zari90
                                In your NAT rule, make sure you have it like this.

[screenshot: NAT rule]


Gertjan @zari90

                                  @zari90

No rules means: nothing can enter WAN.

If you have created a NAT rule (from WAN to LAN), then a WAN firewall rule will be auto-created, so the traffic can actually enter the WAN. It has to enter so the NAT rule can do its job => sending the traffic to the pfSense LAN network with the right LAN IP.

Check your NAT rule; at the bottom you'll find:

[screenshot: NAT rule, filter rule association]

and clicking on the blue "View the filter rule" (which is normally a pass rule on WAN) will show you the firewall rule. The one you've just deleted ....

                                  No "help me" PM's please. Use the forum, the community will thank you.
Edit: and where are the logs??

zari90 @Bob.Dig

                                    @Bob-Dig

[screenshot: NAT rule]
Done, the rule is there now, but still not open.
[screenshot: WAN rules]

Bob.Dig @zari90

                                      @zari90 said in unable to get firewall to route traffic:

                                      done rule is there now

The states show zero; that is not good. This could mean something is blocking it before pfSense. Or are you using the wrong address with the port checker? Have you tried with your WAN IP address or just with a domain name? Try both. If it is still not working and that port tester is working, there is something else blocking it before pfSense. And there is nothing we could do about that within pfSense and here.

zari90

                                        @zari90
Just with the WAN IP; the Windows 10 machine is not in DNS. Let me try with Jellyfin, add a rule and see if that works.

zari90 @Bob.Dig

                                          @Bob-Dig

[screenshots]

Nothing changed.

Bob.Dig @zari90

                                            @zari90 said in unable to get firewall to route traffic:

                                            10 machine is not in dns

It is not about DNS at this point. If you test the port of your WAN IP from the outside, it should create a state on WAN if there is a rule for that. For whatever reason, now there is something shown for your first rule. Don't take the screenshot too quickly after the port test; wait some seconds and reload the page before you take a screenshot or look.

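The outside-in test Bob.Dig keeps asking for, as an added example that is not part of the thread and not Netgate's or pfSense's code. Run from a host outside the WAN, one TCP connect to the forwarded port can end in three ways, and each says something different about where the forward fails: a SYN-ACK means the forward and the service work; an RST means packets reach a host (the forward works but nothing listens, or a reject rule answered); no reply at all means the SYN never came back, which, combined with a WAN rule showing zero states, points to something before pfSense (the ISP, a modem still in router mode, or the wrong public address). The WAN IP 203.0.113.10 and ports 31400-31401 in the comments are constructed documentation values; the demo below stands in a local listener for the pi-node so the classifier can be exercised offline.

```python
"""Classify the result of probing a pfSense port forward from outside.

Added example, not from the forum thread. 203.0.113.10 is an RFC 5737
documentation address used as a constructed placeholder for the WAN IP.
"""
import socket
import threading
from contextlib import closing
from typing import Dict, Iterable

# What each connect outcome means when the probe runs OUTSIDE the WAN.
# pfSense's default WAN policy is block (drop, not reject), so a missing
# or mis-created WAN pass rule also shows up as "filtered".
INTERPRETATION = {
    "open": "SYN-ACK returned: the forward works and the target service "
            "is listening. pfSense will show a state for this connection.",
    "refused": "RST returned: packets reach a host. Either the target "
               "service is not listening on that port, or a reject rule "
               "answered. pfSense states will show the attempt.",
    "filtered": "No reply at all. If the WAN rule also shows zero states, "
                "the SYN never reached pfSense: ISP/CGNAT, a modem still in "
                "router mode, or the wrong public IP in the port checker.",
}


def probe_tcp(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'open', 'refused' or 'filtered' for one TCP connect attempt."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "refused"
        except (socket.timeout, TimeoutError):
            return "filtered"
        except OSError:
            # EHOSTUNREACH / ENETUNREACH and friends: no usable reply either
            return "filtered"


def probe_ports(host: str, ports: Iterable[int], timeout: float = 3.0) -> Dict[int, str]:
    """Probe several ports (e.g. a 31400-31401 range) and collect outcomes."""
    return {p: probe_tcp(host, p, timeout) for p in ports}


def report(host: str, results: Dict[int, str]) -> str:
    """Human-readable summary with the pfSense interpretation per port."""
    lines = [f"Probe of {host} from outside the WAN:"]
    for port, outcome in sorted(results.items()):
        lines.append(f"  tcp/{port}: {outcome:<8} {INTERPRETATION[outcome]}")
    return "\n".join(lines)


def _local_listener() -> socket.socket:
    """Constructed stand-in for the pi-node: a listener on an ephemeral port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve() -> None:
        try:
            conn, _ = srv.accept()
            conn.close()
        except OSError:
            pass  # listener closed before/while accepting; fine for a demo

    threading.Thread(target=serve, daemon=True).start()
    return srv


def _closed_port() -> int:
    """Pick a loopback port nothing listens on: bind, read the number, release."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> Dict[str, str]:
    """Exercise the classifier offline against a local open and a closed port."""
    srv = _local_listener()
    open_port = srv.getsockname()[1]
    closed_port = _closed_port()
    try:
        results = probe_ports("127.0.0.1", [open_port, closed_port], timeout=2.0)
    finally:
        srv.close()
    return {"open": results[open_port], "refused": results[closed_port]}


if __name__ == "__main__":
    # Real use, from a machine outside your network (constructed WAN IP):
    #   print(report("203.0.113.10", probe_ports("203.0.113.10", [31400, 31401])))
    outcomes = demo()
    print(report("127.0.0.1", {0: outcomes["open"], 1: outcomes["refused"]}))
```

Pair the probe with the state table on the pfSense side: while the probe runs, Diagnostics > States (or `pfctl -ss` from the shell) filtered on the forwarded port should show a new entry if the SYN arrived. A probe that comes back "filtered" while that filter stays empty is the situation Bob.Dig describes, and no NAT rule edit will change it.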
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.