Port Forwarding Trouble, Need Advice on Additional Troubleshooting



  • This is my first foray into pfsense, so far it's been a great learning experience though I’m running into port forwarding issues.  Originally I thought it was just isolated to Plex Media Server but I’m realizing none of my ports are opened.  Key details below:

    Hardware
    • Supermicro A1SRi-2558F Intel® Atom motherboard
    • Intel® Atom™ Processor C2558 CPU TDP 15W (4-Core)
    • 8 GB RAM

    Software
    • pfsense 2.3.3-p1

    Current Setup
    • 4 LAN ports, one used as WAN, other three are bridged together into one LAN
    • Successfully access internet
    • Successfully access Plex Media Server via Samsung SMART TV connected via LAN cable (internal)
    • WAN is connected to a PACE/Arris 5268AC router (provided by AT&T), all ports open, DMZ mode on, all data passes through.  Port forwarding to 32400 tested on ASUS RT-87 U router and confirmed working there.
    • I have Snort on, but my port forwarding problem persists with it on or off.

    Current Troubleshooting
    • 4 LAN ports, one used as WAN, other three are bridged together into one LAN
    • Successfully access internet
    • Successfully access Plex Media Server via Samsung SMART TV connected via LAN cable (internal)
    • Followed port forwarding guide here:  https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense
    • Followed fort forwarding troubleshooting guide here:  https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
    • Port forwarding on pfsense router not working, created NAT rule and firewall rule based on the settings here:  https://www.reddit.com/r/PleX/comments/2qxbqr/plex_via_pfsense/
    • Also tried packet capture using open port check tool (canyouseeme.org) using my IP and port check, ping goes to WAN but not to LAN.  Please see log below:

    What else am I missing here?  I've done perusal on the forums and followed a number of troubleshooting guides.  Sincerely appreciate any feedback on the matter.  This is my first time setting something like this up.



  • Below is the packet capture log:

    08:23:15.903925 IP 172.16.1.34.45168 > 172.217.5.110.443: UDP, length 86
    08:23:15.903946 IP 172.16.1.34.45168 > 172.217.5.110.443: UDP, length 180
    08:23:15.925021 IP 172.217.5.110.443 > 172.16.1.34.45168: UDP, length 33
    08:23:15.969539 IP 172.217.5.110.443 > 172.16.1.34.45168: UDP, length 93
    08:23:15.995031 IP 172.16.1.34.45168 > 172.217.5.110.443: UDP, length 38
    08:23:15.998517 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 77
    08:23:15.998553 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 1380
    08:23:15.998572 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 379
    08:23:16.010013 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 77
    08:23:16.010090 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 1380
    08:23:16.010108 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 379
    08:23:16.011008 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 77
    08:23:16.011056 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 1380
    08:23:16.011071 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 379
    08:23:16.019044 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
    08:23:16.021022 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
    08:23:16.022009 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
    08:23:16.030755 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
    08:23:16.032502 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
    08:23:16.032995 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
    08:23:16.034023 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
    08:23:16.035248 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
    08:23:16.035744 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
    08:23:16.051618 IP 172.16.1.34 > 172.16.0.1: ICMP echo request, id 9358, seq 47289, length 8
    08:23:16.052332 IP 172.16.0.1 > 172.16.1.34: ICMP echo reply, id 9358, seq 47289, length 8
    08:23:16.077783 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 68
    08:23:16.077808 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 49
    08:23:16.077827 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 46
    08:23:16.077998 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 0
    08:23:16.079099 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 46
    08:23:16.086015 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 45
    08:23:16.086233 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 49
    08:23:16.086426 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 0
    08:23:16.089511 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 45
    08:23:16.089535 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 49
    08:23:16.089688 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 0
    08:23:16.099523 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
    08:23:16.552376 IP 172.16.1.34 > 172.16.0.1: ICMP echo request, id 9358, seq 47290, length 8
    08:23:16.552911 IP 172.16.0.1 > 172.16.1.34: ICMP echo reply, id 9358, seq 47290, length 8
    08:23:17.084642 IP 172.16.1.34 > 172.16.0.1: ICMP echo request, id 9358, seq 47291, length 8
    08:23:17.085288 IP 172.16.0.1 > 172.16.1.34: ICMP echo reply, id 9358, seq 47291, length 8
    08:23:17.236932 ARP, Request who-has 172.16.1.33 tell 172.16.0.1, length 46
    08:23:17.586368 IP 172.16.1.34 > 172.16.0.1: ICMP echo request, id 9358, seq 47292, length 8
    08:23:17.586952 IP 172.16.0.1 > 172.16.1.34: ICMP echo reply, id 9358, seq 47292, length 8
    08:23:17.905708 IP 172.16.1.34.18751 > 52.202.215.126.80: tcp 0
    08:23:17.999388 IP 52.202.215.126.80 > 172.16.1.34.18751: tcp 0
    08:23:18.000964 IP 172.16.1.34.18751 > 52.202.215.126.80: tcp 0
    08:23:18.001450 IP 172.16.1.34.18751 > 52.202.215.126.80: tcp 601
    08:23:18.093277 IP 52.202.215.126.80 > 172.16.1.34.18751: tcp 0
    08:23:18.118652 IP 172.16.1.34 > 172.16.0.1: ICMP echo request, id 9358, seq 47293, length 8
    08:23:18.119291 IP 172.16.0.1 > 172.16.1.34: ICMP echo reply, id 9358, seq 47293, length 8
    08:23:18.184108 IP 52.202.215.126.80 > 172.16.1.34.18751: tcp 1460
    08:23:18.184300 IP 52.202.215.126.80 > 172.16.1.34.18751: tcp 1460
    08:23:18.184509 IP 52.202.215.126.80 > 172.16.1.34.18751: tcp 577
    08:23:18.184732 IP 172.16.1.34.18751 > 52.202.215.126.80: tcp 0
    08:23:18.224924 IP 172.16.1.34.17398 > 172.217.5.110.443: tcp 1
    08:23:18.229879 IP 172.16.1.34.18751 > 52.202.215.126.80: tcp 0
    08:23:18.240846 ARP, Request who-has 172.16.1.35 tell 172.16.0.1, length 46
    08:23:18.240967 ARP, Reply 172.16.1.35 is-at 0c:c4:7a🇩🇪13:51, length 46
    08:23:18.245573 IP 172.217.5.110.443 > 172.16.1.34.17398: tcp 0
    08:23:18.254862 ARP, Request who-has 172.16.1.34 tell 172.16.0.1, length 46
    08:23:18.254870 ARP, Reply 172.16.1.34 is-at 0c:c4:7a:da:20:60, length 28
    08:23:18.328334 IP 172.217.5.106.443 > 172.16.1.34.10757: tcp 63
    08:23:18.328788 IP 172.217.5.106.443 > 172.16.1.34.10757: tcp 0
    08:23:18.329918 IP 172.16.1.34.10757 > 172.217.5.106.443: tcp 0
    08:23:18.330052 IP 172.16.1.34.10757 > 172.217.5.106.443: tcp 0
    08:23:18.352659 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 272
    08:23:18.353463 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 272
    08:23:18.353652 IP 172.217.5.106.443 > 172.16.1.34.10757: tcp 0
    08:23:18.354593 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 281
    08:23:18.355406 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 281
    08:23:18.356465 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 336
    08:23:18.357657 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 336
    08:23:18.358614 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 346
    08:23:18.359573 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 346
    08:23:18.408162 IP 172.16.1.34.29125 > 173.245.58.129.53: UDP, length 35
    08:23:18.410979 IP 172.16.1.34.9928 > 216.87.152.33.53: UDP, length 43
    08:23:18.411145 IP 172.16.1.34.59283 > 69.36.145.33.53: UDP, length 55
    08:23:18.430628 IP 173.245.58.129.53 > 172.16.1.34.29125: UDP, length 169
    08:23:18.430891 IP 172.16.1.34.12849 > 199.254.60.1.53: UDP, length 31
    08:23:18.441189 IP 216.87.152.33.53 > 172.16.1.34.9928: UDP, length 115
    08:23:18.441655 IP 69.36.145.33.53 > 172.16.1.34.59283: UDP, length 134
    08:23:18.442021 IP 172.16.1.34.31890 > 109.151.245.52.443: tcp 0
    08:23:18.460643 IP 199.254.60.1.53 > 172.16.1.34.12849: UDP, length 1621
    08:23:18.460656 IP 199.254.60.1 > 172.16.1.34: ip-proto-17
    08:23:18.461782 IP 172.16.1.34.11118 > 104.25.115.15.443: tcp 0
    08:23:18.482792 IP 104.25.115.15.443 > 172.16.1.34.11118: tcp 0
    08:23:18.483030 IP 172.16.1.34.11118 > 104.25.115.15.443: tcp 0
    08:23:18.483313 IP 172.16.1.34.11118 > 104.25.115.15.443: tcp 370
    08:23:18.504357 IP 104.25.115.15.443 > 172.16.1.34.11118: tcp 0
    08:23:18.508032 IP 104.25.115.15.443 > 172.16.1.34.11118: tcp 105
    08:23:18.509641 IP 172.16.1.34.11118 > 104.25.115.15.443: tcp 376
    08:23:18.521459 IP 172.16.1.34.31305 > 172.217.5.110.443: UDP, length 254
    08:23:18.543117 IP 172.217.5.110.443 > 172.16.1.34.31305: UDP, length 131
    08:23:18.564289 IP 104.25.115.15.443 > 172.16.1.34.11118: tcp 0
    08:23:18.568013 IP 172.217.5.110.443 > 172.16.1.34.31305: UDP, length 30
    08:23:18.569101 IP 172.16.1.34.31305 > 172.217.5.110.443: UDP, length 38
    08:23:18.616626 IP 109.151.245.52.443 > 172.16.1.34.31890: tcp 0
    08:23:18.616988 IP 172.16.1.34.31890 > 109.151.245.52.443: tcp 0
    08:23:18.617194 IP 172.16.1.34.31890 > 109.151.245.52.443: tcp 378



  • So you have Internet <> Arris Modem <> pfSense <> computers?

    I recommend changing the modem to Bridge Mode so that you don't have to use its DMZ feature.  Your ISP should be able to do that for you.  Then, your pfSense box will get your public IP on its WAN interface (again, may need your ISP to reset a MAC address or something on their end for that to work by DHCP).  That should get you closer, if not completely fix your problem.  Right now, it sounds like you are doing double NAT, which is to be avoided.


Log in to reply