Port forwarding problem
-
You can use a service like photobucket.com, which will export the html image code… allowing you to post screenshots.
-
You haven't told us the 'source address' and 'destination address' fields in your NAT rule. Only 'external address' which isn't one of the fields. Confusing! ;)
Steve
-
^ exactly. there is no external address field in nat, do you mean src is set to any. Then what is your dst address in the nat, it should be wan address. If you put in the IP address of your server then no it would never work. Because the wan would never see traffic dest of your private IP address. All traffic on your wan interface would be a dst of your wan address.
Once your wan rule allows the traffic in, then the nat would nat and forward that traffic to where you want it to go.
Nor did you list what the source port in your nat rule is set too in your above. Just post a screen shot.. As to it being too large - what the hell are you using to take it with print screen, that is going to be a BMP file? Use one of the 1000's of free tools out there to take your screen shot and save it in a format that makes sense, jpg, png, etc. And they also allow you to reduce size and quality to make for very small size.
Windows 7 has the built in snipping tool for example.
By default your firewall wan rule should be autocreated when you setup the nat/forward.
-
You haven't told us the 'source address' and 'destination address' fields in your NAT rule. Only 'external address' which isn't one of the fields. Confusing! ;)
Steve
I told you everything that's in the rule…
Anyway, the problem with posting screenshots was that I was trying to post all of my screenshots in one post... thus why the forum was saying too large. Anyway, here's screenshots... broken up over multiple posts
Attached here is my NAT settings
 -
And firewall settings
 -
Firewall rule page 1
 -
Firewall rule page 2
 -
Firewall rule page 3
 -
What version of of sense are you running? I don't see interface on the nat rule
It's on the edit page but not the rule listing.
Are you using old 1.x line?
-
Hmm, looks like 1.2.3 or earlier. You should update when you have an opportunity to so safely.
Anyway you should have 'external address' set to 'interface address'.Steve
-
I'm using 1.2.3. I have a captive portal with user self registration, which is why the old version. There was a php script posted here on the forums by another user for user self registration that I am using (modified of coarse), but it does not work on 2.0+, just older versions of pfSense.
-
Well couple things – again not seeing WAN as interface on the actual listing of the rules. But only in your edit, did it get unselected somehow?
Also is that other nat working? And I agree with stephenw10 the external should be set to WAN interface address not any. Also your edit along with interface, but why would your external port be 22-any, you don't want to foward 23 to 22 do you. Your dst is ssh-ssh so your external should match that ssh-ssh
-
I FOUND THE PROBLEM! ;D
It actually has to do with the captive portal. I had to add to and from rules in the allowed IP addresses list. I already had added the server's MAC to the MAC Pass-Through list, and thought that was all I needed to do, but I was wrong. Now that I have added the IP address of the server to the "allowed IP addresses" list in Captive Portal section it is working as it should be.
Thank you guys for helping me troubleshoot. :) You all have been quite helpful!
