    Ports will not open

    • x2rl

      I'm just trying to open ports 60000-61000 on gateway 10.0.1.1 ip 10.0.1.10

      I've looked in the logs, not sure what I'm looking for/at?

      However, in gateways I'm seeing loads of these

      May 15 16:15:38 dpinger WAN_DHCP 86.*******: sendto error: 65

      Edit

      May 16 15:29:56 WAN Default deny rule IPv4 (1000000103)   81.~:52442   86.***:60000 TCP:S

      Guess it's not open and it's still blocking the ports

      • KOM

        Post up a screen of your WAN firewall rules.  Maybe the NAT definition didn't autocreate the rule.

        • stephenw10 Netgate Administrator

          Yes, we can't see if you have the port forward set to add a firewall rule automatically.

          Also we can't see the title bar so can't see if there are any alerts shown. If there are and they are showing unable to load the v6 bogons table then you may not be loading the new rules because of it.
          See: https://forum.pfsense.org/index.php?topic=145990.0

          That should be fixed in 2.4.3_1 though.

          Steve

          • x2rl

            @KOM:

            Post up a screen of your WAN firewall rules.  Maybe the NAT definition didn't autocreate the rule.

            I've changed the ports to 40000-41000

            but here is the screenshot

            ![2018-05-16 (3).png](/public/imported_attachments/1/2018-05-16 (3).png)

            • x2rl

              @stephenw10:

              Yes, we can't see if you have the port forward set to add a firewall rule automatically.

              Also we can't see the title bar so can't see if there are any alerts shown. If there are and they are showing unable to load the v6 bogons table then you may not be loading the new rules because of it.
              See: https://forum.pfsense.org/index.php?topic=145990.0

              That should be fixed in 2.4.3_1 though.

              Steve

              Was already on 60000

              ![2018-05-16 (4).png](/public/imported_attachments/1/2018-05-16 (4).png)

              • KOM

                Post your WAN firewall rules, not your NAT rules.  Firewall - Rules - WAN.

                • x2rl

                  @KOM:

                  Post your WAN firewall rules, not your NAT rules.  Firewall - Rules - WAN.

                  Sorry

                  ![2018-05-16 (7).png](/public/imported_attachments/1/2018-05-16 (7).png)

                  • KOM

                    Looks good to me.

                    Next guess, is your WAN on private network space, eg. 192.168.x.x?  If so, you must uncheck the Block private networks option on WAN or it will reject all RFC1918 traffic before it hits your NAT rule.

                    • x2rl

                      @KOM:

                      Looks good to me.

                      Next guess, is your WAN on private network space, eg. 192.168.x.x?  If so, you must uncheck the Block private networks option on WAN or it will reject all RFC1918 traffic before it hits your NAT rule.

                      My WAN comes from my Virgin Media modem, it just gives me an IP to pfSense. Is this what you mean, KOM? It gives 82.x.x.x.

                      • KOM

                        OK, that's not it.

                        Post a screen of your firewall logs (with public details masked) that shows all activity during your test?  Do any other NATs work for you?

                        • stephenw10 Netgate Administrator

                          There is >1GB that's been passed by that rule. If it's not hitting the server that's a lot of unanswered requests!

                          You have changed from port 60000-61000 to 40000-41000, that's intentional?

                          In the first screenshot your client is set up for only one incoming port, 60000, not a range. Has that changed?

                          Block private networks will only ever block traffic sourced from a private network. Even if your WAN address is a private IP (which it isn't) it will only block requests from other hosts in the WAN subnet, which could be legitimate.

                          Steve

                          • x2rl

                            @KOM:

                            OK, that's not it.

                            Post a screen of your firewall logs (with public details masked) that shows all activity during your test?  Do any other NATs work for you?

                            Think this is the correct log

                            ![2018-05-16 (8).png](/public/imported_attachments/1/2018-05-16 (8).png)

                            • stephenw10 Netgate Administrator

                              Right, so your firewall rules are passing port 40000. But incoming traffic is on port 60000.

                              Steve

                              • x2rl

                                @stephenw10:

                                There is >1GB that's been passed by that rule. If it's not hitting the server that's a lot of unanswered requests!

                                What does that mean sorry?

                                @stephenw10:

                                You have changed from port 60000-61000 to 40000-41000, that's intentional?

                                In the first screenshot your client is setup for only one incoming port, 60000, not a range. Has that changed?

                                Yeah, it was on 40000-41000 a few days ago so I changed it back to what it was before

                                @stephenw10:

                                Block private networks will only ever block traffic sourced from a private network. Even if your WAN address is a private IP (which it isn't) it will only block requests from other hosts in the WAN subnet, which could be legitimate.

                                Steve

                                I have no idea what that means Steve, sorry. I'm very new to all this and think I'm in way way too deep trying to get all this working

                                • x2rl

                                  @stephenw10:

                                  Right, so your firewall rules are passing port 40000. But incoming traffic is on port 60000.

                                  Steve

                                  I think the 60000 is just because the torrents were running on that port and a few are still trying to connect.

                                  • stephenw10 Netgate Administrator

                                    On the WAN firewall rules page the 'States' column shows how much traffic has been passed by states opened by that rule. Yours shows the ~1GB has been passed so traffic is hitting that rule and being passed as expected.

                                    It looks like you changed the port forward back to 40000-41000 but the client is still sending port 60000 or other clients out there are still trying to access it on that port at least.

                                    You can leave the block private networks rule, it's not causing a problem.

                                    So what exactly is not working right now?

                                    Steve
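An added example, not part of the original posts: a small Python check that sorts "Default deny" log entries by whether their destination port falls inside the forwarded range, which is the comparison made in the reply above. The sample log lines, their addresses, and the function name `classify_denies` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the column layout of the log line quoted in the thread.
# Addresses are documentation ranges, not values from the thread.
SAMPLE_LOG = """\
May 16 15:29:56 WAN Default deny rule IPv4 (1000000103)   203.0.113.7:52442   198.51.100.20:60000 TCP:S
May 16 15:30:02 WAN Default deny rule IPv4 (1000000103)   203.0.113.9:40111   198.51.100.20:60000 TCP:S
May 16 15:30:05 WAN Default deny rule IPv4 (1000000103)   203.0.113.44:6881   198.51.100.20:40500 TCP:S
May 16 15:30:09 WAN Default deny rule IPv4 (1000000103)   203.0.113.80:51000   198.51.100.20:23 TCP:S
"""

# time, interface, rule text ending in a number in parentheses,
# src:port, dst:port, protocol
LINE_RE = re.compile(
    r"^(?P<time>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
    r"(?P<rule>.+?\(\d+\))\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+"
    r"(?P<dst>\S+):(?P<dport>\d+)\s+(?P<proto>\S+)$"
)


def classify_denies(log_text, fwd_start, fwd_end, iface="WAN"):
    """Count denied destination ports inside and outside the forwarded range.

    outside: traffic aimed at ports that are not forwarded, so the default
             deny is expected (the 60000 vs 40000-41000 case in the thread).
    inside:  traffic to forwarded ports is still denied, so the pass rule is
             missing or the ruleset was not reloaded.
    """
    inside, outside = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["iface"] != iface or "deny" not in m["rule"].lower():
            continue
        port = int(m["dport"])
        (inside if fwd_start <= port <= fwd_end else outside)[port] += 1
    return inside, outside


if __name__ == "__main__":
    inside, outside = classify_denies(SAMPLE_LOG, 40000, 41000)
    print("denied inside forwarded range :", dict(inside))
    print("denied outside forwarded range:", dict(outside))
```
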

                                    • x2rl

                                      @stephenw10:

                                      On the WAN firewall rules page the 'States' column shows how much traffic has been passed by states opened by that rule. Yours shows the ~1GB has been passed so traffic is hitting that rule and being passed as expected.

                                      It looks like you changed the port forward back to 40000-41000 but the client is still sending port 60000 or other clients out there are still trying to access it on that port at least.

                                      You can leave the block private networks rule, it's not causing a problem.

                                      So what exactly is not working right now?

                                      Steve

                                      What's not working? Loads lol

                                      https://forum.pfsense.org/index.php?topic=146285.msg803597#msg803597
                                      https://forum.pfsense.org/index.php?topic=147982.0

                                      and ports 40000-41000 will not open

                                      They open fine on 10.0.0.1 but everything on this 10.0.1.1 is not working and nothing but trouble

                                      • stephenw10 Netgate Administrator

                                        Ok but what makes you think ports 40k-41k are not open?

                                        They look to be open to me.

                                        Steve

                                        • x2rl

                                          The test on Deluge reports not open, never done that before.

                                          • stephenw10 Netgate Administrator

                                            For all 1000 ports? Can we see the result?

                                            Steve
