Port forwarding problem

jerwiles

You haven't told us the 'source address' and 'destination address' fields in your NAT rule. Only 'external address' which isn't one of the fields. Confusing! ;)

Steve

I told you everything that's in the rule…

Anyway, the problem with posting screenshots was that I was trying to post all of my screenshots in one post... thus why the forum was saying too large. Anyway, here's screenshots... broken up over multiple posts

Attached here is my NAT settings

![SSH Rule NAT.jpg](/public/imported_attachments/1/SSH Rule NAT.jpg)
![SSH Rule NAT.jpg_thumb](/public/imported_attachments/1/SSH Rule NAT.jpg_thumb)
![NAT Rules.jpg](/public/imported_attachments/1/NAT Rules.jpg)
![NAT Rules.jpg_thumb](/public/imported_attachments/1/NAT Rules.jpg_thumb)

jerwiles

And firewall settings

![Firewall Rules.jpg](/public/imported_attachments/1/Firewall Rules.jpg)
![Firewall Rules.jpg_thumb](/public/imported_attachments/1/Firewall Rules.jpg_thumb)

jerwiles

Firewall rule page 1

![Firewall SSH Rule pt1.jpg](/public/imported_attachments/1/Firewall SSH Rule pt1.jpg)
![Firewall SSH Rule pt1.jpg_thumb](/public/imported_attachments/1/Firewall SSH Rule pt1.jpg_thumb)

jerwiles

Firewall rule page 2

![Firewall SSH Rule pt2.jpg](/public/imported_attachments/1/Firewall SSH Rule pt2.jpg)
![Firewall SSH Rule pt2.jpg_thumb](/public/imported_attachments/1/Firewall SSH Rule pt2.jpg_thumb)

jerwiles

Firewall rule page 3

![Firewall SSH Rule pt3.jpg](/public/imported_attachments/1/Firewall SSH Rule pt3.jpg)
![Firewall SSH Rule pt3.jpg_thumb](/public/imported_attachments/1/Firewall SSH Rule pt3.jpg_thumb)

johnpoz

What version of of sense are you running? I don't see interface on the nat rule

It's on the edit page but not the rule listing.

Are you using old 1.x line?

stephenw10

Hmm, looks like 1.2.3 or earlier. You should update when you have an opportunity to so safely.
Anyway you should have 'external address' set to 'interface address'.

Steve

jerwiles

I'm using 1.2.3. I have a captive portal with user self registration, which is why the old version. There was a php script posted here on the forums by another user for user self registration that I am using (modified of coarse), but it does not work on 2.0+, just older versions of pfSense.

johnpoz

Well couple things – again not seeing WAN as interface on the actual listing of the rules. But only in your edit, did it get unselected somehow?

Also is that other nat working? And I agree with stephenw10 the external should be set to WAN interface address not any. Also your edit along with interface, but why would your external port be 22-any, you don't want to foward 23 to 22 do you. Your dst is ssh-ssh so your external should match that ssh-ssh

jerwiles

I FOUND THE PROBLEM! ;D

It actually has to do with the captive portal. I had to add to and from rules in the allowed IP addresses list. I already had added the server's MAC to the MAC Pass-Through list, and thought that was all I needed to do, but I was wrong. Now that I have added the IP address of the server to the "allowed IP addresses" list in Captive Portal section it is working as it should be.

Thank you guys for helping me troubleshoot. :) You all have been quite helpful!