Port forwarding question.

hoba · Nov 11, 2005, 6:07 PM

You have a tab labeled "inbound "? What version are you running? This was renamed several versions ago to "port forward", so I assume you are running a quite old version? Check under status>system in the webgui. Also note that you can't test your nat from inside your lan (see this thread http://forum.pfsense.org/index.php?topic=66.0 ).

Ath the "port forward" or "inbound" tab the rule you have to create looks like this(just listing settings):

WAN
interface adress
udp
8767
8767
192.168.0.197
8767
description
[x]

Ask someone to test your teamspeak from the outside. Other option would be to test with a client in front of your pfSense from inside you Gatewayrouters LAN. If it works from this client in front of your pfsenses wan and not from somebody coming from the internet, your pfSense config is fine and you have to check your gatewayrouter again.

If it doesn't even work from a client at pfSense's WAN something with your configuration is wrong.

If it works even from the internet be happy ;-)

Jesse7 · Nov 11, 2005, 9:56 PM

@hoba:

You have a tab labeled "inbound "? What version are you running? This was renamed several versions ago to "port forward", so I assume you are running a quite old version? Check under status>system in the webgui. Also note that you can't test your nat from inside your lan (see this thread http://forum.pfsense.org/index.php?topic=66.0 ).

Ath the "port forward" or "inbound" tab the rule you have to create looks like this(just listing settings):

WAN
interface adress
udp
8767
8767
192.168.0.197
8767
description
[x]

Ask someone to test your teamspeak from the outside. Other option would be to test with a client in front of your pfSense from inside you Gatewayrouters LAN. If it works from this client in front of your pfsenses wan and not from somebody coming from the internet, your pfSense config is fine and you have to check your gatewayrouter again.

If it doesn't even work from a client at pfSense's WAN something with your configuration is wrong.

If it works even from the internet be happy ;-)

I am running .90 which is the latest version? I didn't install .92 because I can't find anywhere that says it is official after it got taken down because of the DHCP problems or whatever?

So yeh you are right it says port forward :).

Thanks hoba I guess I know how to check it now anyways. My port forwarding rules are now working for other programs anyway like Edonkey. After seting up two port forward rules it went from unreachable to reachable, so it is working. Thanks for showing me the DMZ setting so I don't have to setup two lots of rules! :).

hoba · Nov 11, 2005, 11:01 PM

nice you got it working :D

agismaniax · Mar 1, 2006, 6:53 AM

I'm still confuse about Firewall > NAT > Port Forwarding and Firewall > Rules >WAN.
I want to make incoming connection from my WAN to LAN.

For example, I want to give acess to FTP service.
I have setting like this in Firewall > Rules > WAN:
Proto: TCP/UDP
Source: *
Port: *
Destination: WAN address
Gateway: *
Description: WAN to LAN (FTP)

In my Firewall > NAT > Port Forwarding:
If: WAN
Proto: TCP/UDP
Ext. Port Range: 21 (FTP)
NAT IP: 172.16.4.4
Int. Port Range: 21 (FTP)
Description: WAN to LAN (FTP)

Why is it not working at all?

duck7207 · Mar 1, 2006, 1:54 PM

@agismaniax:

I'm still confuse about Firewall > NAT > Port Forwarding and Firewall > Rules >WAN.
I want to make incoming connection from my WAN to LAN.

For example, I want to give acess to FTP service.
I have setting like this in Firewall > Rules > WAN:
Proto: TCP/UDP
Source: *
Port: *
Destination: WAN address
Gateway: *
Description: WAN to LAN (FTP)

In my Firewall > NAT > Port Forwarding:
If: WAN
Proto: TCP/UDP
Ext. Port Range: 21 (FTP)
NAT IP: 172.16.4.4
Int. Port Range: 21 (FTP)
Description: WAN to LAN (FTP)

Why is it not working at all?

the correct rules is for ftp anyways:
in nat/port forward:
(when making a rule in nat/port forward make sure this is enabled: Auto-add a firewall rule to permit traffic through this NAT rule, then you dont have to make a rule in the rules option for it is created by it self)

if=WAN
proto=TCP
Ext. port range=21 (FTP)
NAT IP=192.168.0.210
Int. port range=21 (FTP)
Desc=ftp server

in rules/wan

proto=TCP
source=*
port=*
destination=192.168.0.210
port=21 (FTP)
gateway=*
desc=NAT ftp server

and eveyrone that is connectiong to must write my ipadress/dyndns:21 <<–-- must write the port to,

this is working for me anyway.

Jesse7 · Mar 2, 2006, 12:01 AM

@agismaniax:

I'm still confuse about Firewall > NAT > Port Forwarding and Firewall > Rules >WAN.
I want to make incoming connection from my WAN to LAN.

For example, I want to give acess to FTP service.
I have setting like this in Firewall > Rules > WAN:
Proto: TCP/UDP
Source: *
Port: *
Destination: WAN address
Gateway: *
Description: WAN to LAN (FTP)

In my Firewall > NAT > Port Forwarding:
If: WAN
Proto: TCP/UDP
Ext. Port Range: 21 (FTP)
NAT IP: 172.16.4.4
Int. Port Range: 21 (FTP)
Description: WAN to LAN (FTP)

Why is it not working at all?

Don't create your firewall rule manually. When you create your port forward tick the box at the bottom like the poster below said and it will make the rule for you automatically.

I'm no expert but to me it looks like you made the firewall rule incorrectly. Instead of Destination: Wan address. It should be the LAN address.

Use the auto make firewall rule to see where you went wrong.

If your problem is still not fixed there is something called FTP helper I'm not familair with this setting but do a search maybe it can help you too.

Jesse7 · Mar 2, 2006, 12:03 AM

This is an oldish thread. When I made it the colour coded posts were not enabled. I initially clicked thanks solved when coming back to this thread today. But then it locked the thread? So no further discussion could be had so I changed it back to "didn't help" even though it did so the thread can keep going.

agismaniax · Mar 2, 2006, 2:36 AM

@duck7207:

the correct rules is for ftp anyways:
in nat/port forward:
(when making a rule in nat/port forward make sure this is enabled: Auto-add a firewall rule to permit traffic through this NAT rule, then you dont have to make a rule in the rules option for it is created by it self)

if=WAN
proto=TCP
Ext. port range=21 (FTP)
NAT IP=192.168.0.210
Int. port range=21 (FTP)
Desc=ftp server

in rules/wan

proto=TCP
source=*
port=*
destination=192.168.0.210
port=21 (FTP)
gateway=*
desc=NAT ftp server

and eveyrone that is connectiong to must write my ipadress/dyndns:21 <<–-- must write the port to,

this is working for me anyway.

i follow your guide but still won't work.
Btw. my pfsense machine have 4 WAN(s) and 1 LAN.
my first WAN is 203.77.230.xx, my second WAN is 202.169.57.xx, my third WAN is 202.159.10.xx, my forth WAN is available and my LAN is 172.16.4.x
how to make a working port forwarding to internal network with multiple WANs? ??? ??? ???

dot_desig · Apr 16, 2007, 6:54 PM

I'm having the same problem, or similar…
I suppose that all is well configured NAT and Rules, but Trafic on port 21 does not pass.

Connected with ftp.****.net. Waiting for welcome message...

And it stops there.
All other services are running perfectly only FTP is fails.

Log shows
pftpx[527]: #9 server timeout

The server works fine inside lan

cmb · Apr 18, 2007, 1:36 AM

Try a recent snapshot, FTP should work out of the box now. seems to fix all the problems people were having.
http://snapshots.pfsense.com/FreeBSD6/RELENG_1/