Netgate Discussion Forum

    Can't forward port

      amello

      Version 2.3.4-RELEASE-p1 (amd64)
      FreeBSD 11.01 bhyve VM
      Trying to open 32400 for Plex.
      NAT enabled for Plex LAN IP
      Server's ports are open:

      Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name
      tcp        0      0 0.0.0.0:32400          0.0.0.0:*              LISTEN      3551/Plex Media Ser

      pf can see port open: Port test to host: 10.10.10.33 Port: 32400 successful.

      External port test fails: Port 32400 Timed-Out

      Any ideas?

      Thanks!

      PlexNAT.png

        KOM

        Have you added the required firewall rule to allow the traffic?  The NAT only defines it.  Have you gone through these?

        https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

        https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

          amello

          @KOM:

          Have you added the required firewall rule to allow the traffic?  The NAT only defines it.  Have you gone through these?

          https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

          https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

          Yes, I have.

          In fact I've later on for testing moved the server to a spare public IP, created a 1-to-1 to its LAN IP, WAN rules to forward the port to that IP. The server connected, but can't see the IPs, so it might be something on the FreeBSD host interface configuration.

          Moving pf to a bare metal box to bypass any FreeBSD host configuration.

            johnpoz LAYER 8 Global Moderator

            What??  You went through the troubleshooting doc and did a sniff showing the traffic hitting pfsense wan and then being forwarded on?  When does it fail?  Post up your wan rules that should have been created when you created your port forward.

            Yes you have to worry about any host firewalls running.. It's quite possible that host blocks traffic from outside its own segment, etc.


              amello

              @johnpoz:

              What??  You went through the troubleshooting doc and did a sniff showing the traffic hitting pfsense wan and then being forwarded on?  When does it fail?  Post up your wan rules that should have been created when you created your port forward.

              Yes you have to worry about any host firewalls running.. It's quite possible that host blocks traffic from outside its own segment, etc.

              Let me clarify :)

              Yes, added the firewall rule to NAT the port and did the troubleshoot. Nothing hitting my WAN as far as I can see. Moved pf out of the VM today to test again and same results. Either I don't know how to see the logs or nothing is hitting my WAN on that port.

              All other ports are working fine, but they are on 1-to-1 NAT from Public IPs to LAN IPs. I'm moving Plex to a spare public IP to see.

                amello

                FOUND IT!

                For future reference, u-verse 5268AC has a firewall at IP level under LAN IP Address Allocation. Disabled it and pf took over.

                ![uverse firewall.png](/public/imported_attachments/1/uverse firewall.png)
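
Added example, not part of any post in this thread: the WAN-versus-LAN capture comparison the troubleshooting replies ask for, written as a Python helper that names the hop where the forwarded connection stops. Port 32400 and 10.10.10.33 come from the thread; the addresses 203.0.113.7 and 198.51.100.20, the function names, and the sample lines are constructed, and the input is assumed to be `tcpdump -n` text output.

```python
import re

# Assumed input: text lines as printed by `tcpdump -n`, e.g.
# "12:00:01.1 IP 203.0.113.7.51514 > 198.51.100.20.32400: Flags [S], seq 1, length 0"
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def handshake_seen(capture, port):
    """Return (syn, synack): was a SYN to `port` / a SYN-ACK from `port` captured?"""
    syn = synack = False
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        _src, sport, _dst, dport, flags = m.groups()
        if flags == "S" and int(dport) == port:
            syn = True
        elif flags == "S." and int(sport) == port:
            synack = True
    return syn, synack

def locate_failure(wan_capture, lan_capture, port):
    """Name the first hop where the forwarded connection stops (hypothetical helper)."""
    wan_syn, wan_synack = handshake_seen(wan_capture, port)
    lan_syn, lan_synack = handshake_seen(lan_capture, port)
    if not wan_syn:
        return "upstream"     # nothing reaches WAN: ISP, modem or gateway in front
    if not lan_syn:
        return "pfsense"      # arrived on WAN, not forwarded: NAT or WAN rule
    if not lan_synack:
        return "server"       # forwarded, no reply: host firewall or routing
    if not wan_synack:
        return "return-path"  # reply reached pfSense but never left the WAN
    return "ok"

# Constructed sample captures (documentation address ranges, not real traffic).
WAN_ONLY_OTHER = "12:00:01.1 IP 203.0.113.7.40000 > 198.51.100.20.443: Flags [S], seq 1, length 0"
WAN_SYN = "12:00:02.1 IP 203.0.113.7.51514 > 198.51.100.20.32400: Flags [S], seq 1, length 0"
LAN_SYN = "12:00:02.2 IP 203.0.113.7.51514 > 10.10.10.33.32400: Flags [S], seq 1, length 0"
LAN_SYNACK = "12:00:02.3 IP 10.10.10.33.32400 > 203.0.113.7.51514: Flags [S.], seq 9, ack 2, length 0"
WAN_SYNACK = "12:00:02.4 IP 198.51.100.20.32400 > 203.0.113.7.51514: Flags [S.], seq 9, ack 2, length 0"

if __name__ == "__main__":
    # The situation the thread ended on: no packet for 32400 ever shows on WAN.
    print(locate_failure(WAN_ONLY_OTHER, "", 32400))
```

An "upstream" result matches how this thread was resolved: the port forward and WAN rule were never exercised because the device in front of pfSense dropped the traffic first.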