Help Port Forward not working

hungkh

Hello,
I use PfSense 2.2.6
I created NAT Port forward in WebGUI but can't see in command line and NAT not working

hungkh

NAT Port forward

![nat port forward.png](/public/imported_attachments/1/nat port forward.png)
![nat port forward.png_thumb](/public/imported_attachments/1/nat port forward.png_thumb)

hungkh

Show NAT rules

/var/log: pfctl -sn
no nat proto carp all
nat-anchor "natearly/" all
nat-anchor "natrules/" all
nat on pppoe1 from <tonatsubnets>to any port = isakmp -> (pppoe1) round-robin static-port
nat on pppoe1 from <tonatsubnets>to any -> (pppoe1) port 1024:65535 round-robin
nat on pppoe2 from <tonatsubnets>to any port = isakmp -> (pppoe2) round-robin static-port
nat on pppoe2 from <tonatsubnets>to any -> (pppoe2) port 1024:65535 round-robin
no rdr proto carp all
rdr-anchor "relayd/" all
rdr-anchor "tftp-proxy/" all
rdr-anchor "miniupnpd" all</tonatsubnets></tonatsubnets></tonatsubnets></tonatsubnets>

hungkh

In Firewall/NAT, I set NAT Reflection mode for port forwards: Enable (Pure NAT) and enable automatic outbound NAT for Reflection

![nat config.png](/public/imported_attachments/1/nat config.png)
![nat config.png_thumb](/public/imported_attachments/1/nat config.png_thumb)

johnpoz

You didn't seem to link the nat to a firewall rule on the interface your wanting to nat from.. Are you testing it via nat reflection or from actual outside. Your top forward has a link to firewall rule.

Did you go through the troubleshooting doc - where are you failing?

https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

hungkh

I was see link rule in firewall

![link rule firewall.png](/public/imported_attachments/1/link rule firewall.png)
![link rule firewall.png_thumb](/public/imported_attachments/1/link rule firewall.png_thumb)

hungkh

I am newbie in Pfsense and i don't know "testing it via nat reflection or from actual outside". Please help me about that

johnpoz

are you inside your network hitting your public IP hoping to be reflected back in… Or are you testing from outside your network to your public IP?

That port does not match any of your forwards.. Your post shows port 3299 but your forwards are 3306

hungkh

When I telnet IP public, its fail

nat.png_thumb

johnpoz

you telnet from where?

And what is wanvpnt? Is that some vpn interface.. Are they forwarding inbound.. Go through the doc.. Validate that the traffic is even hitting pfsense to be able to forward..

It really should only take about 30 seconds to figure out what is wrong with a port forward.. Pfsense can not forward what it is not seeing is a very common issue.. Wrong port used, or server has its own firewall blocking the traffic, etc..

A 30 second sniff on your wan and then lan interface tells you if the traffic is being seen and forwarded to what you want to forward it to, etc.

canyouseeme.org is a handy site to validate a port is open from outside your network..

hungkh

I am telnet from Internet
WANVNPT is interface WAN. I have two interfaces WAN, and running load balancing. And WANVNPT is not default
When I telnet from Internet, port is close in pfsense
Before i reboot pfsense, its action normal
After reboot, i can't NAT.

Derelict

/var/log: pfctl -sn
no nat proto carp all
nat-anchor "natearly/" all
nat-anchor "natrules/" all
nat on pppoe1 from <tonatsubnets>to any port = isakmp -> (pppoe1) round-robin static-port
nat on pppoe1 from <tonatsubnets>to any -> (pppoe1) port 1024:65535 round-robin
nat on pppoe2 from <tonatsubnets>to any port = isakmp -> (pppoe2) round-robin static-port
nat on pppoe2 from <tonatsubnets>to any -> (pppoe2) port 1024:65535 round-robin
no rdr proto carp all
rdr-anchor "relayd/" all
rdr-anchor "tftp-proxy/" all</tonatsubnets></tonatsubnets></tonatsubnets></tonatsubnets>

Port forwards are rdr rules and will come after that. Did you trim the output? If so you didn't show the rules you are asking about.

Your original image did not show port 3299. What specific port forward is not working?

Look at - really look at - all of these things:

https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

hungkh

original image is a part of NAT.
I am trying NAT port forward 3299 via WANVNPT (its WAN interface)
Its all show when i check nat firewall use command line

/var/log: pfctl -sn
no nat proto carp all
nat-anchor "natearly/" all
nat-anchor "natrules/" all
nat on pppoe1 from <tonatsubnets>to any port = isakmp -> (pppoe1) round-robin static-port
nat on pppoe1 from <tonatsubnets>to any -> (pppoe1) port 1024:65535 round-robin
nat on pppoe2 from <tonatsubnets>to any port = isakmp -> (pppoe2) round-robin static-port
nat on pppoe2 from <tonatsubnets>to any -> (pppoe2) port 1024:65535 round-robin
no rdr proto carp all
rdr-anchor "relayd/" all
rdr-anchor "tftp-proxy/" all</tonatsubnets></tonatsubnets></tonatsubnets></tonatsubnets>

hungkh

[Solved]

I installed pfsense version 2.3.4 and restore config. Its working