Port forward issue

DKentoy

I have a NAS and I have application that need 51413 port open. This is what I have done:

https://imgur.com/j3KgDF3
https://imgur.com/N8EMBwg

But if I try to go and check on http://canyouseeme.org/ I get an error that it's not working.

Have I done something wrong?

viragomann

And what's the according filter rule?

johnpoz

And what are the rules on your wan? And you sure its only tcp, if your using p2p is normally udp. Which hard to validate with can you see me. But transmission uses udp and tcp does it not.

Also many a isp might block the default ports. Validate the traffic actually gets to your wan. And validate your client is actually listening on that port. Its all in the troubleshooting guide

https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html

AndresCT46

@valnurat

In destination, select "single host or Aliases" and write 192.168.1.160.

The rest is the same.

DKentoy

@viragomann said in Port forward issue:

And what's the according filter rule?

https://imgur.com/R0d9fPZ
https://imgur.com/mxxQvvE

DKentoy

@johnpoz said in Port forward issue:

And what are the rules on your wan? And you sure its only tcp, if your using p2p is normally udp. Which hard to validate with can you see me. But transmission uses udp and tcp does it not.

Also many a isp might block the default ports. Validate the traffic actually gets to your wan. And validate your client is actually listening on that port. Its all in the troubleshooting guide

https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html

I had transmission running on my Airport Express before without any issues. After I have pfSense I can't get it to work. It will not start to download, so I as thinking it could be because of the port.

I have followed the guide for troubleshooting, but that didn't changed anything.

johnpoz

followed the guide and what did you find? Since your port forward would be working if you followed the guide and didn't find anything.

What are the those pictures suppose to show exactly? Post up your port forwards and wan rules... How hard is it to post a simple screenshot???

DKentoy

@andresct46 said in Port forward issue:

@valnurat

In destination, select "single host or Aliases" and write 192.168.1.160.

The rest is the same.

Didn't changed anything, sorry.

@johnpoz said in Port forward issue:

followed the guide and what did you find? Since your port forward would be working if you followed the guide and didn't find anything.

I changed my setting by using Method 1: NAT Reflection and I looked into the logfiles, but I see a message "Default deny rule IP4

DKentoy

This post is deleted!

johnpoz

What are those firewall logs suppose to show have anything to do with your port forward of UDP? Those are RA blocks on your lan by the default deny... Has ZERO to do with your port forward..

Can you post up your port forward tab and and your wan tab - exactly like I did...

DKentoy

@johnpoz said in Port forward issue:

What are those firewall logs suppose to show have anything to do with your port forward of UDP? Those are RA blocks on your lan by the default deny... Has ZERO to do with your port forward..

Can you post up your port forward tab and and your wan tab - exactly like I did...

It was just part of the troubleshooting - well never mind.

Grimson

So it's point number 1 on the troubleshooting page, you didn't follow the instructions here: https://www.netgate.com/docs/pfsense/nat/forwarding-ports-with-pfsense.html (Hint: Your Dest. Address is wrong). Place a big "RTFM" on your desk.

DKentoy

Yes, I did followed the instructions, but what do you mean by point number 1? If it my destination that is the problem what should it be then? Because maybe I don't understand it and that the reason why I guess there is this forum to get some help, right?

johnpoz

That is NEVER going to work... Your dest address when you do your port forward would be the WAN ADDRESS... This is the default when you click on port forward..

Its like you have to work at messing up port forwards ;) Been here like 10 years and I don't think I have ever come across a port forward issue what was not PEBKAC...

When you click the add button, your typical setup will be like 2 things you have to put in, the port and the IP you want to forward too.. Its like you on purpose have to try to F it up ;)

These are the only things your normal port forward has to edit. And the first 1 is maybe.. Since majority will be tcp.. So while its 3 boxes - 2 most of the time going to be drop down on the common protocol

I am more than happy to help - and no offense meant but this gets so OLD... its always the same thing - pages of pulling teeth to get a simple 2 second screenshot and then your problem will be obvious to pretty much anyone here.

DKentoy

I'm not trying to be a fool here, but is this not what I posted in the first link in my post#1?

And if you see in post #4 I was recommended to change my Destination: from WAN address to Single host or alias by Mr. andresCT46

johnpoz

And what did I say about that external link, in my first post ;)

How come it shows wan address in that image, but in your listing of your actual rules it shows the 192.168.x.x address

Post up the tab so can see info!! Not while the user is creating/editing the rule.. You have no idea what they do in the process.

Sorry - I see that, yeah sorry its a forum.. Sometimes idiots chime in with bad advice ;) Most of the time they are trying to help - but its the blind leading the blind ;)

And again all the info needed to troubleshoot why your port forward isn't working is listed in the troubleshoot guide.. Post up your tabs.. If they are correct, then simple packet capture to figure out where its failing - traffic not getting to pfsense wan, where you send not answering, etc.

DKentoy

@johnpoz said in Port forward issue:

And what did I say about that external link, in my first post ;)

You said: How hard can it be to add a screenshot.
but I thought you looked at it anyway.

How come it shows wan address in that image, but in your listing of your actual rules it shows the 192.168.x.x address

That I can't explain. I didn't created the rule. I think the rule is being created when I create the NAT.

DKentoy

I haven't solved my issues yet, but I have been told that I can't do a port forwarding if I don't have a static IP. Is that true?

Derelict

@valnurat said in Port forward issue:

I haven't solved my issues yet, but I have been told that I can't do a port forwarding if I don't have a static IP. Is that true?

Not true at all. Use WAN address as the port forward Destination Address.

johnpoz

@valnurat said in Port forward issue:

I have been told that I can't do a port forwarding if I don't have a static IP. Is that true?

Where exactly are you getting this nonsense??