Netgate Discussion Forum

    Unable to open ports

      Dennisunified

      Got it!!!

      Well, apparently this is the problem:

      External port range. Only "from" is configured. This way it does NOT work. Only when you also (in this case https) set the options to HTTPS for "from" and "to" does the forwarding work.

        johnpoz LAYER 8 Global Moderator

        When you click the "from", it auto fills the "to" with the same port.  Why would you have changed the "to" to other?  You're not forwarding a RANGE, you're forwarding a PORT.  So if you changed "to" to other and then did not put in the other port – yeah it would not really be a valid forward, it would be from 443 to ? (what port)..

        So yeah it would make sense that would be broken

        portforwardfromto.png

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

          Dennisunified

          Thing was, when I clicked From to, let's say, HTTP, then it auto fills indeed. But when I edit the rule it was on other again. Changed it back to HTTP at the "To". And it worked.

          But now I have a problem the other way around  ???
          I can't block any ports on my LAN side. I put this rule on the LAN side:

          When I do a port scan with Advanced Port Scanner I see that port 80, 53 and 21 are still open. And netsend results are this:

            marcelloc

            What rules have you applied before this rule?

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

              johnpoz LAYER 8 Global Moderator

              Well I can tell you I have edited many a rule, and have never seen it flip the "to" to other??  So not sure what you're talking about there.

              As to not being able to block traffic from your lan??  Did you clear your states on pfsense after you made this rule - which is on the lan section of the firewall?

              At a loss to what showing netstat -an from a client has to do with what ports would be open on pfsense or what ports it would allow through its firewall?

              Rules would be processed in order, so if you have a rule above this rule that says allow any, which is the default rules created for the lan.. Then no this rule would never be hit.

              Post up a screenshot of your lan section showing this rule, and then clear your states, etc..  Keep in mind you don't want to lock yourself out of accessing the pfsense gui or ssh, etc.  See the top rule on my lan side.

              lanrules.png

              1 Reply Last reply Reply Quote 0
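Added example (not part of johnpoz's post and not pfSense code): a small Python model of the two points raised in the post above, first-match rule order and existing states surviving a rule change until they are cleared. The rule fields, class names and addresses are constructed for illustration.

```python
# Toy model of ordered firewall rules plus a state table (constructed, not pfSense code).
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str          # "pass" or "block"
    proto: str           # "tcp", "udp", "icmp" or "any"
    dport: object        # int, or None for any port
    descr: str

def first_match(rules, proto, dport):
    """Return the first rule matching the packet, top to bottom; default deny."""
    for rule in rules:
        if rule.proto in ("any", proto) and rule.dport in (None, dport):
            return rule
    return Rule("block", "any", None, "implicit default deny")

class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = set()            # flows already passed: (src, dst, proto, dport)

    def handle(self, src, dst, proto, dport):
        flow = (src, dst, proto, dport)
        if flow in self.states:        # existing state: the rule list is not consulted
            return "pass (existing state)"
        rule = first_match(self.rules, proto, dport)
        if rule.action == "pass":
            self.states.add(flow)
        return f"{rule.action} ({rule.descr})"

    def clear_states(self):
        self.states.clear()

ALLOW_ANY = Rule("pass", "any", None, "default allow LAN to any")
BLOCK_HTTP = Rule("block", "tcp", 80, "block HTTP")
FLOW = ("192.0.2.10", "198.51.100.5", "tcp", 80)   # constructed documentation addresses

def demo():
    out = []
    fw = Firewall([ALLOW_ANY, BLOCK_HTTP])   # block rule sits below allow any
    out.append(fw.handle(*FLOW))             # shadowed: allow any matches first
    fw.rules = [BLOCK_HTTP, ALLOW_ANY]       # move the block rule to the top
    out.append(fw.handle(*FLOW))             # still passes on the old state
    fw.clear_states()
    out.append(fw.handle(*FLOW))             # now the block rule is hit
    return out

if __name__ == "__main__":
    print("\n".join(demo()))
```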
                Dennisunified

                Pass. Allow any! For the lan side. When I do that I have internet. When I block I have no connection and can't ping like it's supposed to work. But when I check the ports they appear open!..

                  johnpoz LAYER 8 Global Moderator

                  What do you mean when you check the ports??  What you showed was a "netstat -an" from some windows client - not from pfsense..

                  What would a firewall rule on pfsense have to do with ports listening on a windows client?

                  "When I block I have no connection and can't ping like it's supposed to work."

                  What do you think should happen when you block ALL protocols??  What do you think should ping??

                    cmb

                    @Dennisunified:

                    But when I check the ports they appear open!..

                    In netstat in Windows like you showed above? Yeah, they sure will be, no network firewall is going to your Windows system and turn off its services. netstat just shows what your Windows host is listening on, your firewall has 0 control over that.

                      Dennisunified

                      Thanks for the reactions. Indeed I discovered that netstat does not show ports open on my PFsense… I have managed to open ports with NAT now.

                      The problem was that I had to edit the NAT rule and reconfigure the "To" from "other" back to the port I wanted to open! After I edit a rule only then does the rule work!..

                        johnpoz LAYER 8 Global Moderator

                        Are you saying that when you create the nat to forward for a specific service, say ftp for example, that the rule being generated is wrong?  I.e. it's saying other or flipping the "to" to other even though "from" is set to ftp??

                        I find this highly unlikely to be honest – I have created many a port forward, and just recently played with ftp for another thread showing how to create the forwards.  Just added a few for my directv boxes, etc.

                        And have never seen this sort of action.

                        Please post up some images showing what is happening that you have to edit rules to make them work vs them working upon creation.

                          Dennisunified

                          I will this week!

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.