Netgate Discussion Forum

    Server Not Accessible from Internet (Port Blocked)

    5 Posts 3 Posters 440 Views
    • digger30

      Static IP > ISP Router > Server NIC (pfSense)
      Public IP > 192.168.3.x > 192.168.3.21 (DHCP enabled)

      Due to the setup in our office, my ISP cannot remove or bridge the router, so my WAN address is an internal 192.168.3.X.

      I simply want pfSense to forward the web ports to a webserver we have, but I simply cannot get it to work. I have tried an external port checker and it shows port 80 is closed.

      If I put my own office router in, it works perfectly, but without the pfSense firewall.
      Static IP > ISP Router > Office Router > Webserver - port forwarding to the web server works fine

      I'm running pfSense on a virtual machine and have put it on the same virtual switch as the webservers in the hope of getting it running before I attempt to put them on their own DMZ network.

      I can access the server by internal IP, and the internal network can browse the internet. The server can also ping external networks.

      I'm lost as to what to try next. Any ideas?

      [image]

      Configs: [six images]

      • Derelict LAYER 8 Netgate

        https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html

        Notice how the counters on those rules are 0/0. That indicates the traffic isn't even arriving on WAN.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • digger30

          Yes, I used an external port checker, which shows they are blocked, hence no traffic.

          I have tried split DNS, NAT reflection, and checking the firewall logs, but to no avail over 3 days.

          Very strange that I can replace pfSense with my standard router and there are no issues - all required ports open.

          Being new to pfSense, the only thing I thought it could be was that the destination was wrong on the NAT port forward - should this be set to my external IP rather than WAN?

          • Derelict LAYER 8 Netgate

            Your port forwards look fine. You are replacing a presumably physical router with a VM. Maybe there's something wrong with how you configured that infrastructure.

            The problem is likely the traffic is not arriving on WAN at all. pfSense cannot act on traffic it never sees on its interfaces. Check (really check) everything in that troubleshooting doc.


            • KOM

              Normally you would have 2 vSwitches, one for WAN and one for LAN. Then you create a pfSense VM with two NICs, one on the WAN switch, the other on the LAN switch. You connect the WAN switch to your physical NIC and your VMs all connect to the LAN switch.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.