Portforwarding to vlan not working

  • Hi,

    I'm trying to port forward three port to a server on one of my vlan. But when I set up the port forwarding it does not work.

    This is the forwarding and the firewall rule that is automatic generated.

    What is wrong?
    ![Port forwarding.JPG](/public/imported_attachments/1/Port forwarding.JPG)
    ![Port forwarding.JPG_thumb](/public/imported_attachments/1/Port forwarding.JPG_thumb)

  • LAYER 8 Global Moderator

    well those look correct.. Have you gone over

  • Yes I have, but I can't find the reason why it's not working.
    The server is listening internal, but when I check canuseeme.org it reply not open.

    It is something with my config, because it works fine when I test with my original router with portforwarding.

    I use dual WAN, but the forwarding is on this default gateway.

  • LAYER 8 Global Moderator

    Well go through the steps in that doc.. So you said you checked with can you seeme.. So did you sniff when you were checking on your wan and see the traffic?  Pfsense can ot forward what it does not see!  Do you have anything in front of pfsense?

    If you see the traffic on pfsense wan, then sniff on the lan - do you see pfsense sending it out?  Do you see an answer from your server your forwarding too?  If not, you sure your sending to the correct IP?  Is where your sending seeing the traffic?  Is he using pfsense as his gateway, is he running a firewall.

    All of the things that you need to check are in that doc, and will help you pinpoint where you issue is!!  Troubleshooting port forwarding is really like 30 seconds.  Either the traffic is not there, you made a mistake in the forward, or server is not getting it or firewalled it, or sending answer back to wrong place, etc..

  • The tings that I did:

    • Testing with my orginal router, access to my server is ok on those three ports. I left the machine on my 4G network untouched so I know it tries to connect to my server. I have static IP, so I know it points at correct IP.
    • Connceted pfSense. I can see in my Firewall system log that my machine is trying to connect on my wan, but is blocked.
    • When I check my States, vlan30 and wanfiber is somhow connected
    • Checked packets capture and I see some traffic. But it say TCP 0. What does that mean?
    • My server does not see the pakets. All the IP settings are ok.
    • There is no firewall on my server, and I know it works because it works with my original router. All settings are the same.
    • I know it should be easy to find the fault, but so far I have not :)
    • But I won't give up


    There is no traffic on the LAN side, so it is stopped by the firewall somehow.

    ![WAN packet capture.JPG](/public/imported_attachments/1/WAN packet capture.JPG)
    ![WAN packet capture.JPG_thumb](/public/imported_attachments/1/WAN packet capture.JPG_thumb)
    ![LAN packet capture.JPG](/public/imported_attachments/1/LAN packet capture.JPG)
    ![LAN packet capture.JPG_thumb](/public/imported_attachments/1/LAN packet capture.JPG_thumb)

  • Well, problem solved :)

    Wrong destination setting

  • LAYER 8 Global Moderator

    Well sounds like you found the problem.. But there is ZERO reason to obfuscate rfc1918 address space, ie your 192.168.30..

  • Do mean my wanfiber rule that blocks rfc1918 adress?

    This is defalut wan settings in pfsense, so I just left it ticked…

    Should I remove it?

  • :) language barriers can be funny :)

  • Banned

    Yes, you most definitely should untick that when your "WAN" IP is RFC1918.

  • Hehehe, now I understood … Yes language can be funny, and yes I know rfc1918 ip's are not necessary to hide. Don't know why I did it  ;D