Port forwarding giving me a headache



  • I installed pfSense last night and everything went better than I could have asked except one thing, I can't get port forwarding to work.  I have a router/wifi modem from the service provider.  I disabled the wifi and put the modem in bridge mode.  Everything came up perfectly the first time.  All my devices can access the internet fine.  However, I have a couple of things that require port forwarding and I have been trying different ideas from the internet for several hours with no luck so far.  An example would be a webcam. I need port 8081 open.  When I probe it from the outside using ShieldsUp, it shows the port as open, but I can't reach the webcam.

    I have included screen captures of my settings.

    I don't know what else to try.  The ONLY thing I noticed on the Arris modem was that it still has DHCP enabled on both the WAN and LAN.  Is that ok?  Everything is working like that except port forwarding, but that is the only thing that makes me pause.  On pfSense, my WAN address is correct, so I didn't think anything about it till I started having this problem.

    Any help would be greatly appreciated,
    robert
    ![pfsense 1.jpg_thumb](/public/imported_attachments/1/pfsense 1.jpg_thumb)
    ![pfsense 1.jpg](/public/imported_attachments/1/pfsense 1.jpg)
    ![pfsense 2.jpg](/public/imported_attachments/1/pfsense 2.jpg)
    ![pfsense 2.jpg_thumb](/public/imported_attachments/1/pfsense 2.jpg_thumb)
    ![pfsense 3.jpg](/public/imported_attachments/1/pfsense 3.jpg)
    ![pfsense 3.jpg_thumb](/public/imported_attachments/1/pfsense 3.jpg_thumb)



  • I didn't have "Enable UPnP & NAT-PMP" checked….Fixed.


  • LAYER 8 Global Moderator

    UPnP is not port forwarding that you set, that is set by the application..



  • So it seems you don't know exactly, what ports to forward. If you forward the correct ports it should work as well without UPnP.



  • @viragomann:

    So it seems you don't know exactly, what ports to forward. If you forward the correct ports it should work as well without UPnP.

    Well, I know I need port 8081 open.  It has worked on all the other firewalls I have used.  So, how more exact do I need to be?  If there is a way I can do it without UPnP, please let me know what I am doing wrong.  If you need more information from me other than what I posted above, just let me know.

    Thanks.



  • @robert4:

    It has worked on all the other firewalls I have used.

    Which had UPnP active?

    UPnP does no more than open ports and forward it to the requesting device in correlation with pfSense.

    @robert4:

    If there is a way I can do it without UPnP, please let me know what I am doing wrong.

    Check in Status > UPnP & NAT-PMP what's going on.



  • Should I be seeing 192.168.1.117 and port 8081 in it?  I attached a screenshot.

    Thanks for the help,
    robert

    ![pfsense 4.jpg](/public/imported_attachments/1/pfsense 4.jpg)
    ![pfsense 4.jpg_thumb](/public/imported_attachments/1/pfsense 4.jpg_thumb)


  • LAYER 8 Global Moderator

    What application are you wanting to work?  YOur 8081 is not there at all.

    Unless you put restrictions on UPnP any application can open any port it wants.. This is what makes it dangerious



  • @johnpoz:

    What application are you wanting to work?  YOur 8081 is not there at all.

    Unless you put restrictions on UPnP any application can open any port it wants.. This is what makes it dangerious

    OK, so pfSense said I needed to update the software.  I did.  It rebooted.  Now all my firewall rules are working.  Everything is good.  Hours on this and all I needed to do was either reboot or update the software.  I'm not sure which one did the trick, but at least I know I did it correctly to begin with.  UPnP is now turned off and everything is still working.

    Thank you very much for your time in this.  Next time I'll just reboot…...


  • LAYER 8 Netgate

    Next time I'll just reboot…...

    Completely unnecessary.

    It is possible that rebooting cleared something else like bad arp or something but you do not need to reboot to apply new port forwards/rules.


  • LAYER 8 Global Moderator

    Pfsense said what?  Pfsense never says it has to update the software..  If you had just installed it would of been current

    2.3.1-RELEASE-p5 (amd64)
    built on Thu Jun 16 12:53:15 CDT 2016
    FreeBSD 10.3-RELEASE-p3

    2.3.2 is not out yet.  And doesn't say it needs to update, will show you there is new version available..  But it doesn't say anything about having to reboot?



  • @johnpoz:

    Pfsense said what?  Pfsense never says it has to update the software..  If you had just installed it would of been current

    2.3.1-RELEASE-p5 (amd64)
    built on Thu Jun 16 12:53:15 CDT 2016
    FreeBSD 10.3-RELEASE-p3

    2.3.2 is not out yet.  And doesn't say it needs to update, will show you there is new version available..  But it doesn't say anything about having to reboot?

    On the status page, I noticed that an update was available.  I told it to update.  When it was done, it said it was going to reboot in 90ish seconds.  True to it's word, it did.  When it came back up, everything worked.


Log in to reply