Port Forwards are not working
-
I have a PC Engines APU2 that is running pfSense 2.3.5 and I am unable to get port forwarding working at all. I currently have 1 NAT port forward working but all others I add are not working at all. I noticed the issue when I attempted to set up and forward port 80 to my web server, which works internally, but externally I can't access it. I even attempted to forward Remote Desktop and that didn't work either. I have firewall optimization set on Conservative. I do have VLANs set up and under rules all VLANs can talk to each other.
Under NAT for my port forward for RDP I have:
Interface WAN
Destination Port MS RDP to MS RDP
Redirected IP 10.10.2.2
Redirected Port MS RDP
For the Port 80 I have:
Interface WAN
Destination Port HTTP to HTTP
Redirected IP 10.10.2.7
Redirected Port HTTP
Internally, if I just visit 10.10.2.7 by IP address I get the default IIS page, which is what should happen when I visit my external IP address, but I get nothing at all. Firewall logs, when I search for my cell phone's external IP address, show it's being blocked by the default Deny Rule.
-
So you created a port forward, you can not just create your wan rule..
Please post up screenshots vs what you think you did.
Also forwarding Remote desktop is a HUGE freaking mistake!!!
-
Yeah, here is a screenshot of the rules and the NAT and the deny from the firewall for the HTTP request from my cell phone as a test.
I know RDP is a bad idea, it's just something I had on my phone just to test to see if it's anything I forward or just web traffic.
-
You're forwarding SQL as well - Wow talk about wanting to get tagged..
Did you actually hit apply? Did the rules reload? I don't see any hits on that rule at all. On the WAN rule.
-
Sorry for the long reply, lost connection, but yes the rule is applied, but no matter what I have tried the SQL is the only thing that seems to come in. I'm not using it for SQL access. I wrote an application that listens on those ports to grab SQL backups and store them on another device than what the application sits on.
-
And the bots of the world are going to be tagging that port every few minutes ;)
So it shows in your log when those rules were loaded…
Is that IP actually your WAN address? Or is it some other vip? Look in your log for when your rules reloaded.. Go in and redo your forward and check your logs...
-
Yeah, it's one of my static IP addresses, I have a few. I just changed to a different static IP address, deleted the NAT port forward and remade it and had it just point to the internal web page on a switch I have, and again same thing, unable to access it externally.
So I installed pfSense version 2.3.1 on the same type of hardware, a PC Engines APU2, and set up port forwards by going under NAT and setting up RDP and HTTP just to test, and it works, but as soon as I put the APU2 with pfSense 2.3.5 in place, set up exactly the same, it doesn't work.
-
Dude - if you have multiple IPs you have to create a VIP for the IP you want to use… And then you have to use that VIP as your NAT..
Nice if you would have mentioned you had a /? with static IPs on your WAN, etc..
Did you create your VIPs? Here I created a dummy VIP... I then used that as the dest in the port forward destination.
-
Note you don't strictly NEED a VIP if the traffic for those addresses is routed to the WAN interface. All that matters is the traffic arrives. If so, NAT will happen.
If it is an address in the WAN subnet (or some silly, unrouted, secondary WAN subnet) then you must have something that will respond to ARP from upstream in place on WAN, meaning one of the VIP types except Other.
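
The distinction drawn in the last two replies (in-subnet addresses need an ARP-answering VIP, routed addresses do not), as an added example that is not part of any post in this thread. The function names, the VIP type labels and all addresses are assumptions made for illustration; the addresses are constructed from documentation ranges.

```python
import ipaddress

# VIP types that answer ARP on WAN; "other" does not.
# The label strings are this example's own, not read from a real config.
ARP_VIP_TYPES = {"ipalias", "carp", "proxyarp"}

def classify_forward(dest, wan_if, vips):
    """Say what must exist on WAN for a port forward to `dest` to see traffic.

    dest   -- destination address used in the port forward
    wan_if -- WAN interface address with prefix length
    vips   -- dict of configured VIP address -> VIP type label
    """
    wan = ipaddress.ip_interface(wan_if)
    addr = ipaddress.ip_address(dest)
    if addr == wan.ip:
        return "ok: WAN interface address"
    if addr not in wan.network:
        # Upstream must route this address to the firewall; no ARP involved.
        return "routed: needs an upstream route to WAN, VIP optional"
    vtype = vips.get(str(addr))
    if vtype in ARP_VIP_TYPES:
        return f"ok: {vtype} VIP answers ARP"
    if vtype == "other":
        return "broken: 'other' VIP does not answer ARP"
    return "broken: in WAN subnet but nothing answers ARP"

# Constructed sample data (documentation address ranges, not from the thread).
WAN_IF = "198.51.100.2/29"
VIPS = {"198.51.100.3": "ipalias", "198.51.100.4": "other"}
FORWARD_DESTS = ["198.51.100.2", "198.51.100.3", "198.51.100.4",
                 "198.51.100.5", "203.0.113.10"]

def audit(dests=FORWARD_DESTS, wan_if=WAN_IF, vips=VIPS):
    """Classify every port forward destination in one pass."""
    return {d: classify_forward(d, wan_if, vips) for d in dests}

if __name__ == "__main__":
    for dest, verdict in audit().items():
        print(f"{dest:15} {verdict}")
```

A "broken" verdict matches the symptom in the thread: the forward exists, but traffic for that address either never reaches the firewall or does not match the NAT rule and falls through to the default deny.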