Netgate Discussion Forum

    Can't achieve simple port forward

    General pfSense Questions

      chpalmer

      If you have a port forwarded you must have an associated firewall rule for it to work.

      We're assuming that you're trying to access this port from the WAN side of your pfSense router…  Correct?

      Triggering snowflakes one by one..
      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        EddieA

        @cylent:

        however under firewall – rules there is ... but we want to do the above and not this one.

        No, this is the rule associated with the NAT, that lets the traffic through the firewall.

        Cheers.

          cylent

          ok let's start again.

          firewall – rules.

          added a new rule under WAN interface.

          then added a rule under nat - port forward ... see attached.

          still not working.

          both.png

            sgtr

            Hi,

            What about the connection (DSL / cable etc.)? Is the specific rule forwarded to the pfSense box? You have done the rules right, but if you don't use modem bridge mode, that might be your problem. Let us know about it.

            Regards,
            SGTR

            Even if there is no hope, never give up.

              wallabybob

              @cylent:

              still not working.

              Please provide more information:
              How are you testing it - (for example, how do you ensure the access attempt arrives on the pfSense WAN interface)? What is reported in your test? Do you see your access attempt reported in the firewall log?

              Does the target application need to be configured to allow the access you are attempting?

              Have you done a packet capture on pfSense WAN interface to verify the access attempt is reaching the firewall? Have you done a packet capture on the pfSense interface to which the target device is connected to verify the access attempt is being port forwarded?

              You have configured a port forward for TCP. Do you know the application uses TCP and not UDP? (You were asked this earlier and I didn't see an answer.)

              I have a couple of port forwards set up on my pfSense WAN interface to a server on an OPTx interface and I didn't have to do any more than set up the appropriate port forward rules.

                cylent

                coming back to this again because last time i literally gave up.

                i have a router connected to the LAN port of my pfsense box.

                my lan ip on my pfsense is: 10.111.63.41/24

                my router is 10.111.63.42/24  accessed via port tcp 8291

                so i've created the following rule. (see attached image)

                and i've made sure the option "Filter rule association" to simplify things…

                and it isn't working. i don't know why and how to see the firewall logs to see what's plugged and not.

                please help!

                nat-rule.png

                  cylent

                  Nat reflection : enable

                  fixed it.

                  whatever it means!

                    stephenw10 Netgate Administrator

                    Hmm, NAT reflection will 'reflect'  outgoing connections that are destined for incoming port forwards.

                    E.g. You are running a web server behind pfSense and have set up port forwarding so that users on the internet can access it. You have a domain set up and DNS records that point to your pfSense WAN interface so that your web server can be accessed via a URL, www.someurl.com. This works as expected.
                    However from within your network you cannot access the web server at www.someurl.com, problem. This is because from inside your network the url resolves to your pfSense WAN interface, an outgoing connection.
                    This results in either nothing or in the pfSense web interface appearing, sometimes with a security warning, instead of the expected web server.
                    NAT reflection resolves this by correctly routing the connection back to your internal web server.

                    The only way this should have made any difference in your case is if you were testing the connection from inside your network.

                    Reading back through the thread, we should have established that in the first post, whereas in fact it wasn't until Wallabybob asked:

                    How are you testing it - (for example, how do you ensure the access attempt arrives on the pfSense WAN interface)?

                    By that time you had lost the will to carry on! Sorry.  :-[

                    Steve
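
A simplified model of the behaviour described above, added here as an example; it is not part of the original thread and not pfSense's own code. It shows why a port forward that only exists on the WAN interface never matches a test made from the LAN against the WAN address, and how reflection changes that. The WAN address 203.0.113.10 and all class and function names are assumptions; the target 10.111.63.42 and TCP port 8291 come from the thread.

```python
from dataclasses import dataclass

WAN_IP = "203.0.113.10"    # constructed WAN address (documentation range)
TARGET = "10.111.63.42"    # the router behind pfSense, from the thread
PORT = 8291                # TCP port from the thread


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrives on: "wan" or "lan"
    proto: str      # "tcp" or "udp"
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rdr(Packet):
    target: str     # internal host the matching packet is redirected to


def build_rules(reflection: bool) -> list[Rdr]:
    """Port forward on WAN; in this model reflection repeats it on LAN."""
    rules = [Rdr("wan", "tcp", WAN_IP, PORT, TARGET)]
    if reflection:
        rules.append(Rdr("lan", "tcp", WAN_IP, PORT, TARGET))
    return rules


def translate(pkt: Packet, rules: list[Rdr]) -> str:
    """Return where the packet ends up after redirect evaluation."""
    for r in rules:
        if (pkt.iface, pkt.proto, pkt.dst_ip, pkt.dst_port) == (
                r.iface, r.proto, r.dst_ip, r.dst_port):
            return r.target
    # No redirect matched: the packet stays addressed to the firewall.
    return "firewall itself (no forward)"


def run_tests(reflection: bool) -> dict[str, str]:
    rules = build_rules(reflection)
    tests = {
        "outside client, tcp": Packet("wan", "tcp", WAN_IP, PORT),
        "LAN client to WAN IP, tcp": Packet("lan", "tcp", WAN_IP, PORT),
        "outside client, udp": Packet("wan", "udp", WAN_IP, PORT),
    }
    return {name: translate(p, rules) for name, p in tests.items()}


if __name__ == "__main__":
    for mode in (False, True):
        print(f"NAT reflection {'on' if mode else 'off'}:")
        for name, result in run_tests(mode).items():
            print(f"  {name:28} -> {result}")
```

The model covers only the redirect match; real reflection also has to translate the source address when the client and the target share a subnet, so that replies return through the firewall.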

                      cylent

                      so in other words, nat reflection is bad?

                      it seems to be the only working way.

                        stephenw10 Netgate Administrator

                        No, NAT reflection is the correct way to do this if you are using a URL to access an internal server.
                        The Winbox software appears to use its own dynamic DNS lookup somehow so this would probably apply.
                        http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

                        Steve

                        Edit: I can't find where I read that about WinBox and DNS now.
