Port Forwarding Trouble, Need Advice on Additional Troubleshooting

TheStryder

This is my first foray into pfsense, so far it's been a great learning experience though I’m running into port forwarding issues.  Originally I thought it was just isolated to Plex Media Server but I’m realizing none of my ports are opened.  Key details below:

Hardware
• Supermicro A1SRi-2558F Intel Atom motherboard
• Intel Atom Processor C2558 CPU TDP 15W (4-Core)
• 8 GB RAM

Software
• pfsense 2.3.3-p1

Current Setup
• 4 LAN ports, one used as WAN, other three are bridged together into one LAN
• Successfully access internet
• Successfully access Plex Media Server via Samsung SMART TV connected via LAN cable (internal)
• WAN is connected to a PACE/Arris 5268AC router (provided by AT&T), all ports open, DMZ mode on, all data passes through.  Port forwarding to 32400 tested on ASUS RT-87 U router and confirmed working there.
• I have Snort on, but my port forwarding problem persists with it on or off.

Current Troubleshooting
• 4 LAN ports, one used as WAN, other three are bridged together into one LAN
• Successfully access internet
• Successfully access Plex Media Server via Samsung SMART TV connected via LAN cable (internal)
• Followed port forwarding guide here:  https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense
• Followed fort forwarding troubleshooting guide here:  https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
• Port forwarding on pfsense router not working, created NAT rule and firewall rule based on the settings here:  https://www.reddit.com/r/PleX/comments/2qxbqr/plex_via_pfsense/
• Also tried packet capture using open port check tool (canyouseeme.org) using my IP and port check, ping goes to WAN but not to LAN.  Please see log below:

What else am I missing here?  I've done perusal on the forums and followed a number of troubleshooting guides.  Sincerely appreciate any feedback on the matter.  This is my first time setting something like this up.

TheStryder

Below is the packet capture log:

08:23:15.903925 IP 172.16.1.34.45168 > 172.217.5.110.443: UDP, length 86
08:23:15.903946 IP 172.16.1.34.45168 > 172.217.5.110.443: UDP, length 180
08:23:15.925021 IP 172.217.5.110.443 > 172.16.1.34.45168: UDP, length 33
08:23:15.969539 IP 172.217.5.110.443 > 172.16.1.34.45168: UDP, length 93
08:23:15.995031 IP 172.16.1.34.45168 > 172.217.5.110.443: UDP, length 38
08:23:15.998517 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 77
08:23:15.998553 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 1380
08:23:15.998572 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 379
08:23:16.010013 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 77
08:23:16.010090 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 1380
08:23:16.010108 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 379
08:23:16.011008 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 77
08:23:16.011056 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 1380
08:23:16.011071 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 379
08:23:16.019044 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
08:23:16.021022 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
08:23:16.022009 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
08:23:16.030755 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
08:23:16.032502 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
08:23:16.032995 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
08:23:16.034023 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
08:23:16.035248 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
08:23:16.035744 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
08:23:16.051618 IP 172.16.1.34 > 172.16.0.1: ICMP echo request, id 9358, seq 47289, length 8
08:23:16.052332 IP 172.16.0.1 > 172.16.1.34: ICMP echo reply, id 9358, seq 47289, length 8
08:23:16.077783 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 68
08:23:16.077808 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 49
08:23:16.077827 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 46
08:23:16.077998 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 0
08:23:16.079099 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 46
08:23:16.086015 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 45
08:23:16.086233 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 49
08:23:16.086426 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 0
08:23:16.089511 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 45
08:23:16.089535 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 49
08:23:16.089688 IP 172.16.1.34.54901 > 35.186.217.6.443: tcp 0
08:23:16.099523 IP 35.186.217.6.443 > 172.16.1.34.54901: tcp 0
08:23:16.552376 IP 172.16.1.34 > 172.16.0.1: ICMP echo request, id 9358, seq 47290, length 8
08:23:16.552911 IP 172.16.0.1 > 172.16.1.34: ICMP echo reply, id 9358, seq 47290, length 8
08:23:17.084642 IP 172.16.1.34 > 172.16.0.1: ICMP echo request, id 9358, seq 47291, length 8
08:23:17.085288 IP 172.16.0.1 > 172.16.1.34: ICMP echo reply, id 9358, seq 47291, length 8
08:23:17.236932 ARP, Request who-has 172.16.1.33 tell 172.16.0.1, length 46
08:23:17.586368 IP 172.16.1.34 > 172.16.0.1: ICMP echo request, id 9358, seq 47292, length 8
08:23:17.586952 IP 172.16.0.1 > 172.16.1.34: ICMP echo reply, id 9358, seq 47292, length 8
08:23:17.905708 IP 172.16.1.34.18751 > 52.202.215.126.80: tcp 0
08:23:17.999388 IP 52.202.215.126.80 > 172.16.1.34.18751: tcp 0
08:23:18.000964 IP 172.16.1.34.18751 > 52.202.215.126.80: tcp 0
08:23:18.001450 IP 172.16.1.34.18751 > 52.202.215.126.80: tcp 601
08:23:18.093277 IP 52.202.215.126.80 > 172.16.1.34.18751: tcp 0
08:23:18.118652 IP 172.16.1.34 > 172.16.0.1: ICMP echo request, id 9358, seq 47293, length 8
08:23:18.119291 IP 172.16.0.1 > 172.16.1.34: ICMP echo reply, id 9358, seq 47293, length 8
08:23:18.184108 IP 52.202.215.126.80 > 172.16.1.34.18751: tcp 1460
08:23:18.184300 IP 52.202.215.126.80 > 172.16.1.34.18751: tcp 1460
08:23:18.184509 IP 52.202.215.126.80 > 172.16.1.34.18751: tcp 577
08:23:18.184732 IP 172.16.1.34.18751 > 52.202.215.126.80: tcp 0
08:23:18.224924 IP 172.16.1.34.17398 > 172.217.5.110.443: tcp 1
08:23:18.229879 IP 172.16.1.34.18751 > 52.202.215.126.80: tcp 0
08:23:18.240846 ARP, Request who-has 172.16.1.35 tell 172.16.0.1, length 46
08:23:18.240967 ARP, Reply 172.16.1.35 is-at 0c:c4:7a13:51, length 46
08:23:18.245573 IP 172.217.5.110.443 > 172.16.1.34.17398: tcp 0
08:23:18.254862 ARP, Request who-has 172.16.1.34 tell 172.16.0.1, length 46
08:23:18.254870 ARP, Reply 172.16.1.34 is-at 0c:c4:7a:da:20:60, length 28
08:23:18.328334 IP 172.217.5.106.443 > 172.16.1.34.10757: tcp 63
08:23:18.328788 IP 172.217.5.106.443 > 172.16.1.34.10757: tcp 0
08:23:18.329918 IP 172.16.1.34.10757 > 172.217.5.106.443: tcp 0
08:23:18.330052 IP 172.16.1.34.10757 > 172.217.5.106.443: tcp 0
08:23:18.352659 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 272
08:23:18.353463 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 272
08:23:18.353652 IP 172.217.5.106.443 > 172.16.1.34.10757: tcp 0
08:23:18.354593 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 281
08:23:18.355406 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 281
08:23:18.356465 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 336
08:23:18.357657 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 336
08:23:18.358614 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 346
08:23:18.359573 IP 1.1.1.9.53431 > 239.255.255.250.1900: UDP, length 346
08:23:18.408162 IP 172.16.1.34.29125 > 173.245.58.129.53: UDP, length 35
08:23:18.410979 IP 172.16.1.34.9928 > 216.87.152.33.53: UDP, length 43
08:23:18.411145 IP 172.16.1.34.59283 > 69.36.145.33.53: UDP, length 55
08:23:18.430628 IP 173.245.58.129.53 > 172.16.1.34.29125: UDP, length 169
08:23:18.430891 IP 172.16.1.34.12849 > 199.254.60.1.53: UDP, length 31
08:23:18.441189 IP 216.87.152.33.53 > 172.16.1.34.9928: UDP, length 115
08:23:18.441655 IP 69.36.145.33.53 > 172.16.1.34.59283: UDP, length 134
08:23:18.442021 IP 172.16.1.34.31890 > 109.151.245.52.443: tcp 0
08:23:18.460643 IP 199.254.60.1.53 > 172.16.1.34.12849: UDP, length 1621
08:23:18.460656 IP 199.254.60.1 > 172.16.1.34: ip-proto-17
08:23:18.461782 IP 172.16.1.34.11118 > 104.25.115.15.443: tcp 0
08:23:18.482792 IP 104.25.115.15.443 > 172.16.1.34.11118: tcp 0
08:23:18.483030 IP 172.16.1.34.11118 > 104.25.115.15.443: tcp 0
08:23:18.483313 IP 172.16.1.34.11118 > 104.25.115.15.443: tcp 370
08:23:18.504357 IP 104.25.115.15.443 > 172.16.1.34.11118: tcp 0
08:23:18.508032 IP 104.25.115.15.443 > 172.16.1.34.11118: tcp 105
08:23:18.509641 IP 172.16.1.34.11118 > 104.25.115.15.443: tcp 376
08:23:18.521459 IP 172.16.1.34.31305 > 172.217.5.110.443: UDP, length 254
08:23:18.543117 IP 172.217.5.110.443 > 172.16.1.34.31305: UDP, length 131
08:23:18.564289 IP 104.25.115.15.443 > 172.16.1.34.11118: tcp 0
08:23:18.568013 IP 172.217.5.110.443 > 172.16.1.34.31305: UDP, length 30
08:23:18.569101 IP 172.16.1.34.31305 > 172.217.5.110.443: UDP, length 38
08:23:18.616626 IP 109.151.245.52.443 > 172.16.1.34.31890: tcp 0
08:23:18.616988 IP 172.16.1.34.31890 > 109.151.245.52.443: tcp 0
08:23:18.617194 IP 172.16.1.34.31890 > 109.151.245.52.443: tcp 378

Jeremy11one

So you have Internet <> Arris Modem <> pfSense <> computers?

I recommend changing the modem to Bridge Mode so that you don't have to use its DMZ feature.  Your ISP should be able to do that for you.  Then, your pfSense box will get your public IP on its WAN interface (again, may need your ISP to reset a MAC address or something on their end for that to work by DHCP).  That should get you closer, if not completely fix your problem.  Right now, it sounds like you are doing double NAT, which is to be avoided.