1. Home
  2. pfSense® Software
  3. NAT
  4. Help Port Forward not working

Help Port Forward not working

  • H

    Hello,
    I use PfSense 2.2.6
    I created NAT Port forward in WebGUI but can't see in command line and NAT not working

    0
  • H

    NAT Port forward

    ![nat port forward.png](/public/imported_attachments/1/nat port forward.png)
    ![nat port forward.png_thumb](/public/imported_attachments/1/nat port forward.png_thumb)

    0
  • H

    Show NAT rules

    /var/log: pfctl -sn
    no nat proto carp all
    nat-anchor "natearly/" all
    nat-anchor "natrules/    " all
    nat on pppoe1 from <tonatsubnets>to any port = isakmp -> (pppoe1) round-robin static-port
    nat on pppoe1 from <tonatsubnets>to any -> (pppoe1) port 1024:65535 round-robin
    nat on pppoe2 from <tonatsubnets>to any port = isakmp -> (pppoe2) round-robin static-port
    nat on pppoe2 from <tonatsubnets>to any -> (pppoe2) port 1024:65535 round-robin
    no rdr proto carp all
    rdr-anchor "relayd/" all
    rdr-anchor "tftp-proxy/    " all
    rdr-anchor "miniupnpd" all</tonatsubnets></tonatsubnets></tonatsubnets></tonatsubnets>

    0
  • H

    In Firewall/NAT, I set NAT Reflection mode for port forwards: Enable (Pure NAT) and enable automatic outbound NAT for Reflection

    ![nat config.png](/public/imported_attachments/1/nat config.png)
    ![nat config.png_thumb](/public/imported_attachments/1/nat config.png_thumb)

    0
  • johnpoz
    LAYER 8 Global Moderator

    You didn't seem to link the nat to a firewall rule on the interface your wanting to nat from.. Are you testing it via nat reflection or from actual outside.  Your top forward has a link to firewall rule.

    Did you go through the troubleshooting doc - where are you failing?

    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

    0
  • H

    I was see link rule in firewall

    ![link rule firewall.png](/public/imported_attachments/1/link rule firewall.png)
    ![link rule firewall.png_thumb](/public/imported_attachments/1/link rule firewall.png_thumb)

    0
  • H

    I am newbie in Pfsense and i don't know "testing it via nat reflection or from actual outside". Please help me about that

    0
  • johnpoz
    LAYER 8 Global Moderator

    are you inside your network hitting your public IP hoping to be reflected back in… Or are you testing from outside your network to your public IP?

    That port does not match any of your forwards.. Your post shows port 3299 but your forwards are 3306

    0
  • H

    When I telnet IP public, its fail


    0
  • johnpoz
    LAYER 8 Global Moderator

    you telnet from where?

    And what is wanvpnt?  Is that some vpn interface.. Are they forwarding inbound.. Go through the doc..  Validate that the traffic is even hitting pfsense to be able to forward..

    It really should only take about 30 seconds to figure out what is wrong with a port forward.. Pfsense can not forward what it is not seeing is a very common issue..  Wrong port used, or server has its own firewall blocking the traffic, etc..

    A 30 second sniff on your wan and then lan interface tells you if the traffic is being seen and forwarded to what you want to forward it to, etc.

    canyouseeme.org is a handy site to validate a port is open from outside your network..

    0
  • H

    I am telnet from Internet
    WANVNPT is interface WAN. I have two interfaces WAN, and running load balancing. And WANVNPT is not default
    When I telnet from Internet, port is close in pfsense
    Before i reboot pfsense, its action normal
    After reboot, i can't NAT.

    0
  • Derelict
    LAYER 8 Netgate

    /var/log: pfctl -sn
    no nat proto carp all
    nat-anchor "natearly/" all
    nat-anchor "natrules/    " all
    nat on pppoe1 from <tonatsubnets>to any port = isakmp -> (pppoe1) round-robin static-port
    nat on pppoe1 from <tonatsubnets>to any -> (pppoe1) port 1024:65535 round-robin
    nat on pppoe2 from <tonatsubnets>to any port = isakmp -> (pppoe2) round-robin static-port
    nat on pppoe2 from <tonatsubnets>to any -> (pppoe2) port 1024:65535 round-robin
    no rdr proto carp all
    rdr-anchor "relayd/" all
    rdr-anchor "tftp-proxy/    " all</tonatsubnets></tonatsubnets></tonatsubnets></tonatsubnets>

    Port forwards are rdr rules and will come after that. Did you trim the output? If so you didn't show the rules you are asking about.

    Your original image did not show port 3299. What specific port forward is not working?

    Look at - really look at - all of these things:

    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

    0
  • H

    original image is a part of NAT.
    I am trying NAT port forward 3299 via WANVNPT (its WAN interface)
    Its all show when i check nat firewall use command line

    /var/log: pfctl -sn
    no nat proto carp all
    nat-anchor "natearly/" all
    nat-anchor "natrules/    " all
    nat on pppoe1 from <tonatsubnets>to any port = isakmp -> (pppoe1) round-robin static-port
    nat on pppoe1 from <tonatsubnets>to any -> (pppoe1) port 1024:65535 round-robin
    nat on pppoe2 from <tonatsubnets>to any port = isakmp -> (pppoe2) round-robin static-port
    nat on pppoe2 from <tonatsubnets>to any -> (pppoe2) port 1024:65535 round-robin
    no rdr proto carp all
    rdr-anchor "relayd/" all
    rdr-anchor "tftp-proxy/    " all</tonatsubnets></tonatsubnets></tonatsubnets></tonatsubnets>

    0
  • H

    [Solved]

    I installed pfsense version 2.3.4 and restore config. Its working

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy