    Port forwarding – again!

    • J
      jespejo last edited by

      I have read many how-to's, walk-throughs and videos on the web. I have tried all of them and I cannot get port forwarding on my non-LAN interfaces to work. I am hoping someone can pin the ah-ha moment for me…

      pfSense is a standalone 4-NIC box: WAN, LAN (192.168.1.1), Opt1 (x.x.2.1), Opt2 (x.x.3.1), with a physical NIC on each and DHCP on all (internet is working on all).

      I want to port forward 9987 to 192.168.2.51 (static) on Opt1.

      I created a NAT rule; it auto-created an entry in Firewall\Rules.
      The NAT rule is:
      WAN, UDP, *, *, WAN Address, 9987, 192.168.2.51, 9987, Teamspeak

      I have tried NAT Reflection on the rule (both Pure and Proxy) and I can only connect using None and the internal IP.

      I tried a couple of variations of the rules and I am feeling that there needs to be a rule in Opt1, not just in WAN, so I added one and it is still not working. I know it's somewhere in the syntax.

      I also have friends trying to connect with my external IP address and FQDN, and since this is a UDP port I cannot use web port checkers like
      http://www.canyouseeme.org/

      • Derelict
        Derelict LAYER 8 Netgate last edited by

        https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

        If I had to guess it's the firewall on the 192.168.2.51 host.

        https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • J
          jespejo last edited by

          Thanks derelict.

          I currently have the NAT forwarding to the PC, which seems wrong. Is it supposed to be WAN open to the Opt1 gateway, then on Opt1 forward PC to gateway?

          Or is there a way to just make Opt1 totally bypass the firewall and make it totally a DMZ? I know these are two different questions, but related. In my case this interface really can be exposed and not firewalled at all; it only has a gaming server.

          I was going with the port forwarding approach as it seemed easier.

          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            "and I am feeling that there need a rule in Opt1 not just in WAN,"

            Huh… Rules are evaluated on the interface where traffic first enters the firewall. So if I am on the public internet, what interface would I first hit? WAN would be the correct answer. So you're telling pfSense: hey, you see traffic to your WAN IP, UDP port xyz, send it to this guy.

            The return traffic will be taken care of by the state that pfsense would create when it allows the traffic and forwards it.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

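
What the reply above describes, written out as a hand-made `pf.conf` fragment (an added example, not part of the original posts and not the ruleset pfSense itself generates). The interface names `em0` (WAN) and `em2` (OPT1), the macro names, and the catch-all outbound pass are assumptions; the port and host are the ones from the thread.

```pf
# Illustrative pf.conf fragment, hand-written for this thread.
# Assumed interface names: em0 = WAN, em2 = OPT1.
wan_if  = "em0"
opt1_if = "em2"
ts_host = "192.168.2.51"   # TeamSpeak host on OPT1 (from the thread)
ts_port = "9987"           # UDP port being forwarded (from the thread)

# --- Translation (must come before filter rules in pf.conf) ---
# UDP packets that arrive on WAN addressed to the WAN IP, port 9987,
# get their destination rewritten to the internal host.
# Source port is left as "any", per the advice in Derelict's signature.
rdr on $wan_if inet proto udp from any to ($wan_if) port $ts_port \
    -> $ts_host port $ts_port

# --- Filtering ---
# Default: drop anything inbound on any interface that no rule allows.
block in log all

# Assumption: a general outbound pass, so the forwarded packet may
# leave via OPT1 and a state is created there as well.
pass out all keep state

# The only rule this forward needs, and it lives on WAN, the interface
# where the packet first enters the firewall. rdr has already been
# applied, so the rule matches the translated (internal) destination.
pass in quick on $wan_if inet proto udp \
    from any to $ts_host port $ts_port keep state

# There is deliberately no "pass in on $opt1_if" rule for this service:
# replies from 192.168.2.51 match the states created above and are
# translated back to the WAN address on the way out.
```

On a FreeBSD host the fragment can be syntax-checked without loading it using `pfctl -nf <file>`.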
            • J
              jespejo last edited by

              Thank you, that is what I expected but thought it was not working. I am now realizing debugging is totally different without NAT Reflection or a separate device (iPhone) doing the testing. I was using NAT Reflection at the rule level and it seems it does not work for me; once I used the global setting all was working. I got the FTP working per the instructions and now port 9987 for Teamspeak.

              This has been a little hard for me. I just migrated off Smoothwall (which I was on for 4 years) :'( and it's a totally different structure. I do like pfSense as it really has so much more capability that I am going to need for a work/fun lab.

              I appreciate everyone's input, instruction pointing and logic setting. Last parting question or suggestion: does leaving Global NAT PURE on all the time cause any issues, or is it really for testing purposes?
