Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Port Forwarding is not working

    NAT
    3
    3
    3.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      F3lix85
      last edited by

      I am trying to setup port forwarding to access a web server on the LAN side of the pfSense server. I have it setup to forward port 444 on the wan side to port 80 on the lan side.

      WAN(444) > Server_IP(80)

      I have followed the instructions in the documentation for setup and troubleshooting.

      • I have logging turned on on the firewall rule and the logs show that it is allowing the connection to go through.

      • I can see the packets on both the WAN and LAN side using tcpdump.

      • I pinged the web server from pfSense to make sure it is still running.

      • I have also run a port scan on the web server using nmap on pfSense to make sure the server was listening on port 80.

      • I can connect to the web server while on the LAN side of the network.

      • The web server's default gateway is set correctly.

      I had to remove some of the IP addresses from the results below since they are publicly accessible.

      tcpdump results on WAN side:

      13:19:22.383616 IP <my ip="">.64393 > <wan ip="">.444: tcp 0
13:19:26.007615 IP <my ip="">.37963 > <wan ip="">.444: tcp 0
13:19:28.388441 IP <my ip="">.64393 > <wan ip="">.444: tcp 0
13:19:29.016340 IP <my ip="">.37963 > <wan ip="">.444: tcp 0
13:19:29.726565 IP <my ip="">.59670 > <wan ip="">.444: tcp 0
13:19:32.725387 IP <my ip="">.59670 > <wan ip="">.444: tcp 0
13:19:32.807075 IP <my ip="">.35767 > <wan ip="">.444: tcp 0
13:19:35.018054 IP <my ip="">.37963 > <wan ip="">.444: tcp 0</wan></my></wan></my></wan></my></wan></my></wan></my></wan></my></wan></my></wan></my>

      tcpdump results on LAN side:

      13:24:22.625308 IP <my ip="">.51928 > 192.168.5.10.80: tcp 0
13:24:23.085311 IP <my ip="">.59332 > 192.168.5.10.80: tcp 0
13:24:23.708635 IP <my ip="">.43035 > 192.168.5.10.80: tcp 0
13:24:25.614860 IP <my ip="">.51928 > 192.168.5.10.80: tcp 0
13:24:27.787732 IP <my ip="">.61719 > 192.168.5.10.80: tcp 0
13:24:29.090892 IP <my ip="">.59332 > 192.168.5.10.80: tcp 0
13:24:30.791572 IP <my ip="">.61719 > 192.168.5.10.80: tcp 0</my></my></my></my></my></my></my>

      nmap port scan:

      Starting Nmap 4.76 ( http://nmap.org ) at 2010-07-19 13:26 PDT
Interesting ports on 192.168.5.10:
Not shown: 999 filtered ports
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:0C:C8:02:46:51 (Xytronix Research & Design)

Nmap done: 1 IP address (1 host up) scanned in 5.01 seconds

      Thanks in advance for any help.

      1 Reply Last reply Reply Quote 0
      • D
        danswartz
        last edited by

        Are you sure there isn't some kind of firewall/acl on the webserver blocking non-LAN hosts?

        1 Reply Last reply Reply Quote 0
        • B
          bczeon27
          last edited by

          Double check the window firewall.  Try turnning off the window firewall to make sure.

          Then, Reboot the firewall state.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.