Port Forwarding
-
I can connect to the server from the internal IP from the LAN then I connect to a hotspot to test the WAN connection
-
Yes, but what I mean is if you have tested to connect any of the forwarded port when you are not physically on the inside of the pfSense machine (LAN), becaus the you also need to make sure NAT-reflection is set up and working.
For me Nat reflection only works if I select NAT + Proxy mode.
-
@no_jah oh I see sorry, yes I have used a different device. I did change the NAT reflection but this also didn't work.
-
Did you change to NAT + Proxy at System / Advanced, or at the NAT rule?
I recommend you set it at Systen / Anvanced, and then select Use system default at the NAT rule? -
@no_jah Ive gone ahead and set that but still no luck. Its weird ive never had this issue, Ive got a plex server set up at home fine through FTP
-
When I compare my port forward with the images you atatched I see a couple differences
- On port forward page I have WAN address instead of WAN net as Destination
- On the FW rule page I have any instead of WAN net as Source
-
Source of wan net would only allow IP from the wan net, ie the transit network that connects you to your ISP.. that is NOT the internet.
Also dest should be your wan address...
-
@no_jah I did in fact make these changes previously and didn't update the reference photos so these are the updated photos
-
Just to really be sure you connect from the outside, try to use:
https://www.yougetsignal.com/tools/open-ports/There you enter your wan IP if it's not already picked up, and enter the port you want to check
-
@no_jah Just tried that
-
please post your wan rules and screenshot of your port forwards.
This is drop dead simple to do.. Follow the guide and you will find your issue within a couple of minutes.
https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html
First thing to do if you feel your rules are correct is actually validate the traffic hits your WAN... Its impossible for pfsense to forward something it never gets. If pfsense gets it, then sniff on your lan interface of pfsense - does it send on... If so then problem is in your network or the host your sending it too.. Wrong host? Host firewall.. Host not even listening for that service, etc..
-
@johnpoz Theres the rule. Thanks for the article ill take a look now
-
NO post up your wan Rules!! And your port forwards page..
Example - here is mine
For all we know you have a rule above the rule that allows the nat blocking.. Say pfblocker rules for example... Rules are evaluated top down, first rule to trigger wins, no other rules evaluated. So we need to see rules on WAN so can tell if there is something that would block the auto rule that gets created for your nat, etc.
-
-
Wow you actually see hits on your Bogon Rules? See that 636 B... Curious wtf that is... Also have hits on your block rfc1918 rules..
I see some hits on your 21 firewall rule... So I would think traffic is getting to your wan... So do a packet captures and validate being sent to your host... You should see the SYN to port 21, if you go to can you see me . org, etc.
-
Could it be that the internal IP of your FTP-server has changed since you set up the port forward?
-
@no_jah I checked that earlier just incase
-
And no Firewall software blocking incoming connections on the FTP-server computer?
-
Do your sniff, diag packet capture on your lan interface... Do you see the syn to your ftp server private IP... If you do not see an answer its not pfsense that is your problem.
Here I just setup a port forward for ftp (21) and can you see me shows closed..
See how my client on 192.168.2.11 sent a RST... Basically he said to F off ;)
