Port forwarding behind new AT&T gateway.
-
Hello!
I recently moved from time warner to AT&T's fiber service and want to use my existing networking setup.
Previously, I was able to use my own modem with TWC and connect it directly to a pfsense box I have running on a little mini PC, so the setup was very simple.
With AT&T, I now need to use their all-in-one "box", which is frustrating in itself, but even more angering is that I cannot put this box into a simple bridge mode. It's recommended that I configure it as "DMZPlus". They define this as:
Allow all applications (DMZplus mode) - Set the selected computer in DMZplus mode. All inbound traffic, except traffic which has been specifically assigned to another computer using the "Allow individual applications" feature, will automatically be directed to this computer. The DMZplus-enabled computer is less secure because all unassigned firewall ports are opened for that computer.
So I have a LAN port on the AT&T box plugged into the WAN port of my pfsense box, and I configured the AT&T box to put the pfsense box in "DMZPlus" mode. All seems to be working fine, and I see my external IP address assigned to the WAN port of my pfsense box as expected.
However, i previously had a port forwarding NAT rule setup to forward SSH traffic to my sever inside my LAN. That no longer works, and I tried to recreate it to no avail. I tried forwarding http traffic which doesn't seem to work either. Is there something I'm missing here, or could someone point me in the right direction?
Separately, if I run an nmap port scan against my external IP, I should see the ports that I've forwarded as being "open", correct?
-
Separately, if I run an nmap port scan against my external IP, I should see the ports that I've forwarded as being "open", correct?
Yes if done from outside of your network (aka from WAN) and the port is also open on the end server.
Check the firewall log on pfSense / do a packet capture to check if the traffic is even arriving at your pfSense at all. Might be that AT&T is blocking incoming traffic.