Netgate Discussion Forum

    Port forwarding frustrations

      thebenchmark

      Hello, I'd like to ask for your help since I've been having some serious issues with pfSense for ages now.

      I've been port forwarding for ages now but mostly on simple consumer routers. However, I can't get it to work on pfSense.

      My set-up is the following:
      pfSense is installed on a virtual machine (VMware); it has 2 NICs that are only accessible to the VM, and these act as the LAN/WAN ports. All has been running stably for a couple of months.
      I recently upgraded to the latest version.

      For the port forwarding I followed every tutorial that I could find, but only to find disappointingly little results.

      I've set up 2 aliases, one for the server and one for the ports; I'll include screenshots.
      Then I have created a linked rule in the nat and rules sections of the firewall.

      There are no further upstream/downstream issues as the server works fine and my isp blocks nothing, on other routers (dd-wrt) everything was fine and simple…

      Here are the screenshots
      Host alias as attachment 1
      Port alias as attachment 2
      Firewall: nat as attachment 3
      Firewall: rules as attachment 4

      Any advice would be greatly appreciated, I'm lost in the maze that is PFsense

        johnpoz LAYER 8 Global Moderator

        So you got a lot of ports in there.. Did you try just 1 port at a time?  And then going through the troubleshooting doc for that 1 specific port if it does not work?

        https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

        1 thing that jumps out at me and would explain your issue is pfSense WAN is not public, i.e. it's behind a NAT and you didn't forward your ports at the NAT in front of pfSense..  This is a very common mistake.  Your pfSense is running on virtual.  What is the WAN IP?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          thebenchmark

          Thanks for your reply

          I'll try to make a port forward for a single port later today, but I have little hope of succeeding.

          My WAN should be public, however: pfSense makes its own PPPoE connection to my ISP. There is a modem between pfSense and my DSL provider, so I think that should be fine.

            Derelict LAYER 8 Netgate

            Go through the checklist in the link above. Your problem almost certainly is listed there.

            Just to eliminate #5, What are the first two numbers in your WAN IP address?

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)
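
The check behind the question about the first two numbers of the WAN address, and behind the earlier point about pfSense's WAN sitting behind another NAT, as an added example that is not part of any post in this thread: a POSIX shell function that classifies an IPv4 address as public, RFC 1918 private, or carrier-grade NAT (100.64.0.0/10). The function names and the sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): decide from the WAN address whether a
# port forward on pfSense alone can work, or whether another NAT sits upstream.

# Print the address class: public, rfc1918, cgnat, link-local, loopback,
# reserved or invalid. Returns non-zero for input that is not a dotted quad.
classify_wan_ip() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return 1; }
    for octet in "$@"; do
        { [ ${#octet} -le 3 ] && [ "$octet" -le 255 ]; } || { echo invalid; return 1; }
    done
    a=$1; b=$2
    # Several boundaries fall inside the second octet, which is why the
    # first number alone is not enough to rule out a private WAN.
    if [ "$a" -eq 10 ]; then echo rfc1918
    elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then echo rfc1918
    elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then echo rfc1918
    elif [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then echo cgnat
    elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then echo link-local
    elif [ "$a" -eq 127 ]; then echo loopback
    elif [ "$a" -eq 0 ] || [ "$a" -ge 224 ]; then echo reserved
    else echo public
    fi
}

# Map the class to what it means for inbound port forwards.
wan_reachability() {
    class=$(classify_wan_ip "$1") || true
    case $class in
        public)        echo direct ;;        # forwards on pfSense are sufficient
        rfc1918|cgnat) echo upstream-nat ;;  # the device or ISP in front must forward too
        *)             echo not-usable ;;    # no working WAN address to forward to
    esac
}

# Constructed sample addresses; none of them comes from the thread.
for addr in 213.0.0.1 192.168.1.2 172.20.4.9 172.32.0.1 100.72.3.4 10.0.0.2; do
    printf '%-14s %-10s %s\n' "$addr" "$(classify_wan_ip "$addr")" "$(wan_reachability "$addr")"
done
```

Run it against the address shown for the WAN interface; an `upstream-nat` result means the ports must also be forwarded on whatever device holds the real public address.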
              thebenchmark

              The first digits are 213.xxx.xxx.xxx

                Derelict LAYER 8 Netgate

                So go through the checklist and check everything no matter how silly it seems. Really check it all. Really.

                  johnpoz LAYER 8 Global Moderator

                  So I provide the link, and Derelict says check the list per the provided link, and he gets a thank you and I get nothing - wtf? ;)

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.