unable to get firewall to route traffic
-
@zari90
In your NAT rule, make sure you have it like this.
-
No rules means: nothing can enter WAN. If you have created a NAT rule (from WAN to LAN), then a WAN firewall rule will be created automatically, so the traffic can actually enter the WAN. It has to enter so the NAT rule can do its job => sending the traffic to the pfSense LAN network with the good LAN IP.
Check your NAT rule, at the bottom you'll find:
and clicking on the blue "View the filter rule" (which is a pass rule in WAN normally) will show you the firewall rule. The one you've just deleted ....
-
done rule is there now but still not open
-
@zari90 said in unable to get firewall to route traffic:
done rule is there now
The states show zero, that is not good. This could mean something is blocking it before pfSense. Or are you using the wrong address with the port-checker? Have you tried with your WAN-IP-Address or just with a domain name? Try both. If it is still not working and that port tester is working, there is something else blocking it before pfSense. And there is nothing we could do about that within pfSense and here.
-
@zari90
just with the wan IP the windows 10 machine is not in dns, let me try with Jellyfin add a rule and see if that works
-
-
@zari90 said in unable to get firewall to route traffic:
10 machine is not in dns
It is not about DNS at this point. If you test the port of your WAN-IP from the outside, it should create a state on WAN if there is a rule for that. For whatever reason now there is something shown for your first rule. Don't take the screenshot too quickly after the port test, wait some seconds and reload the page before you take a screenshot or look.
-
@Bob-Dig
okay tried both domain name and WAN-IP but port still seems to be closed
-
@zari90 Look at the states.
-
@zari90
What protocol is your service running on? TCP or UDP?
Not all port testers can do a UDP port test.
-
@Bob-Dig
can see the state yes trickling in but port checker still shows port is closed on both NAT port forward rules
-
@MoonKnight
for jellyfin it's tcp/udp and the other is just tcp
-
@zari90 So that is a good sign, your pfSense-WAN was receiving the connections! Now the problem is on your hosts, maybe the windows firewall is blocking something or whatever but it is not within pfSense, from what you have told us.
-
showing there is traffic but nothing ports still closed
-
@Bob-Dig
can't access jellyfin externally either
-
@zari90 Outbound NAT is still on automatic? Gateways are default? Then there is nothing I could tell you.
-
everything still default only port change for pfsense 10443 so nothing else changed
-
@Bob-Dig
and this was changed to pure NAT
-
@zari90 Pure NAT might be okay for beginners but also it has nothing to do with your problem. Maybe try another port tester like GRC | ShieldsUP! But again, it is not with pfSense anymore, must be your machines now.
-
@Bob-Dig
if I use cloudflared docker container then I can get to the sites no issue so not sure why it isn't working normally okay thanks will poke around more
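-
The state-table reasoning used in this thread (zero states means nothing reached pfSense; states that never complete point at the host behind it) can be applied mechanically. The sketch below is an added example, not part of any post in the thread; it assumes TCP over IPv4 and state lines in the shape `pfctl -ss` prints, and the sample lines, addresses and ports are constructed.

```python
import re

# Constructed sample in the shape `pfctl -ss` prints. Addresses come from
# documentation ranges; ports 8096/8443 are placeholders, not from the thread.
SAMPLE_STATES = """\
igb0 tcp 192.168.1.20:8096 (203.0.113.5:8096) <- 198.51.100.7:51514       CLOSED:SYN_SENT
igb1 tcp 198.51.100.7:51514 -> 192.168.1.20:8096       SYN_SENT:CLOSED
igb0 tcp 192.168.1.30:8443 (203.0.113.5:8443) <- 198.51.100.7:40022       ESTABLISHED:ESTABLISHED
igb1 tcp 198.51.100.7:40022 -> 192.168.1.30:8443       ESTABLISHED:ESTABLISHED
igb1 udp 192.168.1.20:53311 -> 9.9.9.9:53       MULTIPLE:SINGLE
"""

# iface proto left [(pre-NAT address)] direction right state:state
STATE_LINE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<left>\S+)(?:\s+\((?P<orig>\S+)\))?"
    r"\s+(?P<dir><-|->)\s+(?P<right>\S+)\s+(?P<state>\S+:\S+)$"
)

def states_for(text, lan_ip, port):
    """Return the state pairs of every TCP state touching lan_ip:port."""
    target = f"{lan_ip}:{port}"
    pairs = []
    for line in text.splitlines():
        m = STATE_LINE.match(line.strip())
        if m and m["proto"] == "tcp" and target in (m["left"], m["right"]):
            pairs.append(tuple(m["state"].split(":", 1)))
    return pairs

def diagnose(text, lan_ip, port):
    """Classify a port forward by what the state table shows for it."""
    pairs = states_for(text, lan_ip, port)
    if not pairs:
        # Nothing arrived: wrong address tested, or blocked before pfSense.
        return "no-state"
    if any(a == b == "ESTABLISHED" for a, b in pairs):
        # Handshake completed through the forward.
        return "established"
    # pfSense passed the connection on, but the handshake never completed:
    # check the target host's firewall and whether the service is listening.
    return "no-reply"

if __name__ == "__main__":
    for ip, port in [("192.168.1.20", 8096), ("192.168.1.30", 8443), ("192.168.1.40", 80)]:
        print(ip, port, diagnose(SAMPLE_STATES, ip, port))
```

On a live firewall, replace `SAMPLE_STATES` with the saved output of `pfctl -ss` captured a few seconds after running the external port test.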