Port forwarding not working :?
-
Ok, so I know this should be simple and it should work however it's not working D:
Ok so in pfsense I changed it's default port to a random port number 20000+
Then I go to http://192.168.1.1:23xxx/firewall_nat.php
I make a new rule and it's setup like this
I hit save then apply. Then I type in my external ip address or domain name and… nothing. Porque?? No port forward works...Also I'm having a lot of trouble with pfsense, like a lot of the time I can't connect to it, the router. Then a lot of the time I can't get online. But I think it has to do with those rosewill 1 gb/s cards. I switched my lan one out with a 100 mb/s linksys, and so far I think it works. I am going to get 2x reliable 1gb/s intel nics.
-
What you describe is the expected behavious.
The NAT table describes how traffic from one subnet gets translated into another subnet.
If traffic arrives from the same subnet it's destined to….If you try to access it from externally it will work as you expect.
There are 2 solutions to get around this limitation.
1: "NAT reflection"
Per default it's deactivated.
To enable go to: System --> Advanced --> "Disable NAT Reflection" and uncheck thec checkbox.2: "Split DNS"
You set the DNS forwarder up to answer to internal domain lookups with a predetermined IP.For more infos ans screenshots go here:
http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3FIf you have problems with your card try looking at the systemlog.
Do you get any "watchdog timeout"s there? -
Thanks man disabling nat reflection worked like a charm :)
-
Hi to all. I've been reading and searching, but I guess my setup is kinda different.
Internally, everything seems ok. What I'm using pfSense for is routing/firewall for my expectant ISP change. After the change I don't foresee any problems - I've set this up for others - but now with my current ISP the port forwarding just doesn't seem to work. Disabled NAT Reflection and checked to ensure that my settings are ok - will post screens if you require - but it still won't work.
The setup is - DSL MODEM (Paradyne 6211-I2) to pfSense. pfSense to wireless (not using the WAN port, just using it to pass through and act as a media converter). Previously, going through the MODEM directly and setting up the ports there I could check and find that they were forwarded ok. Now when I check it keeps saying they're blocked.
MODEM IP - 192.168.1.1/24
pfSENSE IP - 192.168.1.2/24 (to modem)
pfSENSE IP - 10.0.0.100/24 (to LAN)Modem is configured to allow the ports opened on 192.168.1.2, and pfSense is configured to allow the same ports open from my internal ip (10.0.0.1) to the modem assigned ip (192.168.1.2) - but it just wont work. Any suggestions welcome. Thank you.
-
I have the exact same setup in multiple places.
As suggested before, i write it again for you:
Setup split dns! -
I saw that, and I'm sure I tried it. I'm not certain about how that setup works though.
Most likely I'm doing something wrong there. Any assistance is welcome. I've changed the names and such, but no idea how to get it to work.
And I'm certain that the ports are forwarded on my modem and on pfSense properly. I could be wrong though - here are the screenies.
-
On the modem you forward TCP/UDP.
On the pfSense you only forward TCP.If you change the NAT rule dont forget to change the firewall rule as well.
Are you accessing by the name "meow.modem" ?
Did you read
http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F
(sound to me you didnt)…Also if you use the search function (for gods sake start using it) with the words "split dns screenshot" you will find this thread:
http://forum.pfsense.org/index.php/topic,9440.0.html
which explains in detail how to setup/use split dns entries. -
Let's make this simpler. I've read - I don't understand. I've searched, but not for said topic of splitting the dns. I searched for the modem model and also for port forwarding, and turned up nothing that helped. If you like I can PM you and have you connect to my machine via RD or some other method and you can attempt to fix it yourself. That would make life a lot easier. In any case, I'll read the second thread you linked and see if it helps. Waiting on your reply, and thanks.
