More Port Forwarding to WebServer problems….this is driving me crazy, pls help

Omega

Hi guys, im very new to pfsense and this problem has had me stumped for the last two days.

I have some surveillance software running on a machine on my network, and it runs a webserver etc to make it all viewable remotely thru the WAN.

Now on my old DLink router, i just setup Port Forwarding (via the Virtual Server tab) for all the ports required (81, 3550, 3650, 4550, 5550, 9650). Basically it went something like "Allow - TCP/UDP - Port Number - From WAN - To 192.168.0.100"

And on the Dlink it worked fine, as did a Port Forward for VNC (5900) to the same machine.

Ive only just got around to trying to setup the WebServer for the surveillance software, and i just cant get it, or VNC to work.

Here is what i have done:

Firewall -> NAT -> Portforward

and added teh following rule:

WAN - Interface Address - TCP/UDP - External Port Range 85 - NAT IP 192.168.0.100 - Local Port 85

Plus i left the option checked about automatically creating a firewall rule.

When i tried the port forward for VNC, i did the exact same thing, but for port 5900.

Neither forwards work. It really is driving me nuts as i know its getting thru, but its being blocked by something as it doesnt slowly timeout, the webbrowser instantly returns an error, as does VNC saying it cannot access it.

The reason this is most bizarre, is i have port 412 TCP and UDP forwarded for using DC++, and 5060 for my VoIP ATA and this all works fine.

Could it have something do to with the Static Route option i had to enable to get the VoIP to work (in the Advanced Outbound Firewall tab)?

If anyone could shed some light on this it would be VERY much appreciated.

Thanks in advance guys.

hoba

When you try to make connections on the non working ports do you see states for them at diagnostics>states? (use the filter option to filter for the destination IP or a port for easier viewing). If so it's not the pfSense blocking things. Maybe you have a firewall running on your device behind the pfSense or maybe even in front of you (another router)?

Omega

No i do not see states for them when i try and make a connection., so does that mean that its pfsense blocking them?

Omega

okay ive modified the setup a little.

Instead of having my ADSL modem handling the PPPoE internet connection, i know have set it to Bridge Mode and Pfsense is handling that too.

NOW i can see states being added as i try and connect….BUT it still doesnt connect.

Omega

ARGH, i found the problem.

In my uncertainty as to what protocol (TCP or UDP) was being used…i forwarded both for port 81.

Just now when i unticked UDP and just forwarded TCP...the webserver now works....AND after doign the same to VNC...it works too.

I dont really understand why forwarding the UDP port AS WELL as TCP would make a difference, or is TCP/UDP  not the same thing as TCP and UDP seperately?

hoba

TCP/UDP shouldn't cause a problem in your example as both should be open and be forwarded. Just note, that once you have autgenerated the firewallrule by adding the portforward the both rules (nat and firewall) are not linked together anymore. If you change one you have to change the other as well. Maybe this is/was the problem as you changed rules manually later?