Netgate Discussion Forum

    Multi-WAN and NAT Port Forwarding not working

    Routing and Multi WAN
    • B Offline
      Blunk
      last edited by

      This is what I have

      https://www.dropbox.com/s/0nw76fa16cb1joe/Screenshot%202015-06-22%2011.41.54.png?dl=0
      https://www.dropbox.com/s/mck8nzdsfcsbydu/Screenshot%202015-06-22%2011.42.06.png?dl=0
      https://www.dropbox.com/s/gs275hg3zmdjkiy/Screenshot%202015-06-22%2011.42.14.png?dl=0
      https://www.dropbox.com/s/c2bw7mav2te8uze/Screenshot%202015-06-22%2011.41.59.png?dl=0

      Any clues?

      • DerelictD Offline
        Derelict LAYER 8 Netgate
        last edited by

        Yeah.  Please use the "Attachments" in the message composition screen.  It's FAR easier to look at what you're doing when we can instantly look at all the images side-by-side.

        Read and understand this:

        https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

        You have the destination as FIBERTEL net on your FIBERTEL interface rules.  That is wrong.

        Read and understand this:

        https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

        And this:

        https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

        You have '*' as the destination in your NAT rule even though the documentation says:

        Destination: Specifies the original destination IP address of the traffic, as seen before being translated, and will usually be WAN address.

        Yes, you will need a rule for BOTH WANs if you want it to work reliably on BOTH WANs.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • B Offline
          Blunk
          last edited by

          Thank you. Either I still have something missing or I really don't understand it :(
          I tried several configs. What I am really sure of is that my WAN has the port open. I can access pfSense remotely. I am just not getting port forwarding to work.

          ![Screenshot 2015-06-24 21.48.21.png](/public/imported_attachments/1/Screenshot 2015-06-24 21.48.21.png)

          • T Offline
            tim.mcmanus
            last edited by

            What is a jenkins port?

            See my attached screen shot for NATing a mail server SMTP port.  It shows the interface as the WAN2 interface, the destination address is the IP address of WAN2, the destination port on the WAN2 interface is 25 (for SMTP), the NAT IP is the internal address of the mail server, and the NAT ports are 25, again the SMTP ports.

            This NAT port forward directs traffic that is going into the WAN2 port 25 to the mail server at 10.0.1.240's port 25.

            The second screen shot shows the matching firewall rule that allows that traffic to come in and actually reach the destination machine.  You need to have both set up (hence the neat green link on the NAT page showing you that there is a linked FW rule).

            Instead of some jenkins port thingy, you should have 8080 as your port in both the NAT and FW rule.

            ![Screen Shot 2015-06-24 at 10.39.05 PM.png](/public/imported_attachments/1/Screen Shot 2015-06-24 at 10.39.05 PM.png)
            ![Screen Shot 2015-06-24 at 10.42.19 PM.png](/public/imported_attachments/1/Screen Shot 2015-06-24 at 10.42.19 PM.png)

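The checks raised in the two replies above (NAT destination set to the WAN address rather than '*', a pass rule that matches the internal server rather than the WAN subnet, and one forward per WAN), written as an added example that is not part of any poster's reply or of pfSense itself. The data model and the name "WAN2" for the second WAN are assumptions; the sample entries are constructed from Derelict's description of the first screenshots. It relies on pfSense applying the port forward before the interface rules are evaluated.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PortForward:          # hypothetical model, not pfSense's config format
    interface: str
    destination: str        # "any" ('*'), "<IF> address", or an IP
    dest_port: int
    target_ip: str
    target_port: int
    source: str = "any"

@dataclass(frozen=True)
class FirewallRule:         # hypothetical model of a pass rule on a WAN tab
    interface: str
    destination: str
    dest_port: int

def lint(wans, forwards, rules):
    """Return findings for the mistakes pointed out in the thread."""
    findings = []
    for wan in wans:
        fwds = [f for f in forwards if f.interface == wan]
        if not fwds:
            findings.append(f"{wan}: no port forward defined on this WAN")
        for f in fwds:
            if f.destination == "any":
                findings.append(f"{wan}: NAT destination is '*', expected '{wan} address'")
            if f.source != "any":
                findings.append(f"{wan}: NAT source restricted to {f.source}")
            # Rules are checked after translation, so the pass rule must
            # match the internal target, not the WAN-side address or subnet.
            if not any(r.interface == wan and r.destination == f.target_ip
                       and r.dest_port == f.target_port for r in rules):
                findings.append(f"{wan}: no pass rule to {f.target_ip}:{f.target_port}")
    for r in rules:
        if r.destination == f"{r.interface} net":
            findings.append(f"{r.interface}: rule destination is '{r.interface} net'")
    return findings

# Constructed sample data; "WAN2" stands in for the second, unnamed WAN.
WANS = ["FIBERTEL", "WAN2"]
BROKEN_NAT = [PortForward("FIBERTEL", "any", 8080, "10.0.2.200", 8080)]
BROKEN_RULES = [FirewallRule("FIBERTEL", "FIBERTEL net", 8080)]
FIXED_NAT = [PortForward(w, f"{w} address", 8080, "10.0.2.200", 8080) for w in WANS]
FIXED_RULES = [FirewallRule(w, "10.0.2.200", 8080) for w in WANS]

if __name__ == "__main__":
    for finding in lint(WANS, BROKEN_NAT, BROKEN_RULES):
        print(finding)
    print(lint(WANS, FIXED_NAT, FIXED_RULES))
```

The source check mirrors the signature advice about not setting a source address or port unless it is known to be needed; it is a warning, not proof of a fault.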
            • B Offline
              Blunk
              last edited by

              Nope… I have 3 subnets... does it matter? Some other option to activate?
              Router: 10.0.1.1
              Jenkins server: 10.0.2.200:8080

              ![Screenshot 2015-06-25 00.07.36.png](/public/imported_attachments/1/Screenshot 2015-06-25 00.07.36.png)
              ![Screenshot 2015-06-25 00.09.10.png](/public/imported_attachments/1/Screenshot 2015-06-25 00.09.10.png)

              • B Offline
                Blunk
                last edited by

                Does this help?

                Locally, from a computer in the LAN, I can access 10.0.2.200:8080

                ![Screenshot 2015-06-25 00.27.10.png](/public/imported_attachments/1/Screenshot 2015-06-25 00.27.10.png)

                • DerelictD Offline
                  Derelict LAYER 8 Netgate
                  last edited by

                  Looks to me like the server isn't listening on port 8080.  Or at least pfSense can't connect to it.

                  https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

                  https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

                  • B Offline
                    Blunk
                    last edited by

                    I tried them and pfSense is not connecting to that port. I also tried another HTTP server on LAN (10.0.2.2:80) and am still having the same issue.

                    Is there any configuration that is not working properly or something?

                    Thanks

                    • DerelictD Offline
                      Derelict LAYER 8 Netgate
                      last edited by

                      If you configured it correctly it would be working.  I already told you that pfSense can't connect to the server on 8080.  If it can't connect the port forward can't either.

                      There is nothing wrong with port forwarding in 2.2.2.  It all works as expected.  Go over everything on the port forwarding troubleshooting list.  Don't skip anything, actually look at everything and verify.

                      • T Offline
                        tim.mcmanus
                        last edited by

                        How are you testing remote access coming into your WANs?  Are you trying to access your WANs from a remote site as a test or some other way?

                        Check your firewall logs to determine if the traffic is getting to pfSense. Set up your NAT rules to log traffic and that too should show up on the firewall logs. If you don't see the remote IP address hitting your firewall, that may be an indication that there is something else going on.

                        • B Offline
                          Blunk
                          last edited by

                          OK. I just fixed the access from pfSense to the server. Now using the Test Port I do get a response from the server on the port. Now I will try the port forwarding all over again.

                          Thanks :)
