Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NAT not working correctly…maybe

    Scheduled Pinned Locked Moved
    NAT
    2
    2
    757
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gusgus
      last edited by

      I have a https-only apache2 light duty utility server setup behind pfsense 2.1-release amd64 in ESXi 5.5. The server seems to be working 100% for machines behind pfsense. We need some remote access, so I set up a NAT rule:

      WAN(TCP):[port] –> [server]:443

      and the appropriate firewall rule was generated automatically by pfsense when the NAT rule was created. However no matter which WAN port I choose I am not getting a response from the server on the WAN side.

      External port scanners report that each port I have tried has not been opened. From my understanding, any port that is forwarded to an open port on another machine should be read as open. Therefore NAT must not be working correctly. However I have other forwarded ports and they are working fine. I have tried (none have been successful):

      -Rebooting.
      -Forwarding to (server):80 since I have http forwarded to https.
      -Several different ports above 30000. The other ports I have forwarded across our network are in this upper range and are working just fine.
      -Checked the NAT and automatically generated firewall rule for errors, there were none that were obvious to me.

      Perhaps this is related: About a two months ago I was getting errors in the console: "calcru: runtime went backwards from xx usec to x usec for pid x" for several pids, including the kernel. These errors are reminiscent of the old HPET issue with pfsense 2.0 on ESXi, which I know was fixed (source: J. Pingle, pfsense email list). I'm not getting the errors at the moment but perhaps it's a regression, and it's related?

      I am stumped. Any ideas? I certainly understand that I need to learn more about networking (I'm no IT pro, I'm the most tech-savvy grad student in my research lab) so if I'm doing anything particularly stupid here please let me know.

      Edited: for clarity.

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        And you sure your https server doesn't have a firewall blocking your access from outside its own network?  This is quite often the case.

        You sure your isp allows the ports your trying to forward?  Why would you not be forwarding 443 to 443?  You just list [port]

        Simple 2 second test, sniff on your wan – do you see the traffic come inbound say from your scan or someone outside your network trying to access?  If you see the traffic, do you see it leave the lan interface to your https server?

        https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.