Can't forward port



  • Version 2.3.4-RELEASE-p1 (amd64)
    FreeBSD 11.01 bhyve VM
    Trying to open 32400 for Plex.
    NAT enabled for Plex LAN IP
    Server's ports are open:

    Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name
    tcp        0      0 0.0.0.0:32400          0.0.0.0:*              LISTEN      3551/Plex Media Ser

    pf can see port open: Port test to host: 10.10.10.33 Port: 32400 successful.

    External port test fails: Port 32400 Timed-Out

    Any ideas?

    Thanks!




  • Have you added the required firewall rule to allow the traffic?  The NAT only defines it.  Have you gone through these?

    https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting



  • @KOM:

    Have you added the required firewall rule to allow the traffic?  The NAT only defines it.  Have you gone through these?

    https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

    Yes, I have.

    In fact, later on for testing I moved the server to a spare public IP, created a 1-to-1 to its LAN IP, and WAN rules to forward the port to that IP. The server connected, but can't see the IPs, so it might be something on the FreeBSD host interface configuration.

    Moving pf to a bare metal box to bypass any FreeBSD host configuration.


  • what??  You went through the troubleshooting doc and did a sniff showing the traffic hitting pfsense wan and then being forwarded on?  When does it fail?  Post up your wan rules that should have been created when you created your port forward.

    Yes, you have to worry about any host firewalls running. It's quite possible that host blocks traffic from outside its own segment, etc.



  • @johnpoz:

    what??  You went through the troubleshooting doc and did a sniff showing the traffic hitting pfsense wan and then being forwarded on?  When does it fail?  Post up your wan rules that should have been created when you created your port forward.

    Yes, you have to worry about any host firewalls running. It's quite possible that host blocks traffic from outside its own segment, etc.

    Let me clarify :)

    Yes, added the firewall rule to NAT the port and did the troubleshoot. Nothing hitting my WAN as far as I can see. Moved pf out of the VM today to test again and same results. Either I don't know how to see the logs or nothing is hitting my WAN on that port.

    All other ports are working fine, but they are on 1-to-1 NAT from Public IPs to LAN IPs. I'm moving Plex to a spare public IP to see.



  • FOUND IT!

    For future reference, u-verse 5268AC has a firewall at IP level under LAN IP Address Allocation. Disabled it and pf took over.

    ![uverse firewall.png](/public/imported_attachments/1/uverse firewall.png)