Port forwarding not working
-
I have the following setup. I have my ISP router that would have my public IP address on the inside and my private address inside: 192.168.1.1. From here I have only 1 connection to pfSense, which has 4 NICs installed: WAN, LAN, DMZ and Wifi. My WAN range is 20.0.0.0/24, where I have 1 web server I want to expose to the internet. This server is 20.0.0.2. I forwarded port 443 on my router to 192.168.0.4 (IP address of the NIC in pfSense connecting to the WAN). Then I have forwarded port 443 WAN to 20.0.0.2 in my DMZ. I make use of DynDNS. I still can’t access the server from the internet. See image of my network layout.
-
@wdeswardt said in Port forwarding not working:
> I forwarded port 443 on my router to 192.168.0.4 (IP address of NIC in pfsense connecting to the WAN

Your image shows another IP.
> Then I have forwarded port 443 WAN to 20.0.0.2 in my DMZ.

Post the NAT rule, please.
> I make use of DynDNS.

So your public IP is not static, I guess.
Better to use the IP for testing purposes.
To investigate you can sniff the traffic on the WAN and DMZ interfaces on pfSense.
-
-
@wdeswardt If the forwarded traffic is coming from another device with a private address on the same network, then you need to make sure you don't have your pfSense WAN configured to block RFC1918 traffic or it will reject anything coming from the ISP router. Go to Interfaces - WAN and uncheck the Block private networks and loopback addresses box, then try your tests again.
-
@wdeswardt
So as I understand your setup, you have a dynamic public IP on your ISP router and additionally a public static IP range, which you want to use inside behind pfSense in the DMZ. Forwarding the traffic to the pfSense WAN address makes no sense with this setup and it doesn't match the forwarding you set on pfSense.
It would be better to route the packets to the pfSense WAN IP without NAT. On pfSense you then only need a firewall rule to allow it. Moreover, it is recommended to bridge the ISP router if possible.
With NAT as you do on the router, the destination IP in forwarded packets is the pfSense WAN address when arriving, so you would have to use that in the NAT rule as well, instead of the DMZ address.
What @KOM suggested only comes into play if your router does S-NAT on forwarded packets. Some ISP routers do this by default, but it should be possible to disable it.
-
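The two failure modes raised in the replies above, as an added example that is not part of any original post: a simplified model of a packet crossing the ISP router's port forward and then the pfSense WAN interface. The pfSense WAN address, the client and the public address are constructed values, and the function names are hypothetical; only 192.168.1.1 and 20.0.0.2 come from the thread.

```python
import ipaddress

# Constructed addresses (the thread's own addressing is inconsistent).
ROUTER_LAN = ipaddress.ip_address("192.168.1.1")    # ISP router inside address (from the thread)
PFSENSE_WAN = ipaddress.ip_address("192.168.1.4")   # assumed pfSense WAN address
SERVER = ipaddress.ip_address("20.0.0.2")           # DMZ web server (from the thread)
CLIENT = ipaddress.ip_address("203.0.113.50")       # constructed internet client
PUBLIC_IP = ipaddress.ip_address("198.51.100.7")    # constructed public address of the router

# Sources rejected when "Block private networks and loopback addresses" is checked.
BLOCKED_SOURCES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def isp_router(pkt, snat):
    """Port-forward 443: rewrite the destination to the pfSense WAN address.
    With snat=True the router also rewrites the source to its own inside address."""
    src = ROUTER_LAN if snat else pkt["src"]
    return {"src": src, "dst": PFSENSE_WAN, "dport": pkt["dport"]}


def pfsense_wan(pkt, block_private, forward_match):
    """Simplified model: the port forward matches on the destination the packet
    arrives with; the block-private option looks only at the source address."""
    matched = pkt["dst"] == forward_match and pkt["dport"] == 443
    if block_private and any(pkt["src"] in net for net in BLOCKED_SOURCES):
        return "dropped: private source blocked on WAN"
    if matched:
        return f"forwarded to {SERVER}:443"
    return "dropped: no port forward matches destination"


def trace(snat, block_private, forward_match):
    """Follow one HTTPS connection attempt from the internet client."""
    pkt = {"src": CLIENT, "dst": PUBLIC_IP, "dport": 443}
    return pfsense_wan(isp_router(pkt, snat), block_private, forward_match)


if __name__ == "__main__":
    for snat in (False, True):
        for block in (True, False):
            for match in (PFSENSE_WAN, SERVER):
                print(f"snat={snat} block_private={block} match={match}: "
                      f"{trace(snat, block, match)}")
```

In this model the block-private setting only changes the outcome when the router source-NATs forwarded packets, and a port forward that matches on the DMZ address never fires because packets arrive addressed to the pfSense WAN address.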
@viragomann Yes I have a DynDNS. I will go and check what @KOM said and that is to uncheck Block Private Networks. I will check that and will
-
@wdeswardt Before I had pfSense between my ISP router and my network, port forwarding was working from my router to my server, but after I placed pfSense, port forwarding is no longer working.
-
@wdeswardt Yes, that's completely understandable if you don't have port-forwards properly configured on pfSense, or if you have some other connectivity issue.
-
@wdeswardt said in Port forwarding not working:
> but after I place pfSense port forwarding is no longer working.

I had my TV all set up with my favorite channels, and my apps installed, Netflix, Hulu. Then I got a new TV and all this is gone.. WTF ;)
Same thing happened when I got a new car - radio channels not set up like I like them, my seat was in the perfect position before. Had to redo all that stuff - wtf! ;)
-
@johnpoz said in Port forwarding not working:
> Same thing happened when I got new car - radio channels not setup like I like them, my seat was in the perfect position before. Had to redo all that stuff - wtf! ;)