Ports will not open

x2rl

Never had trouble before opening ports.

The only thing differant from normal is its on 10.0.1.10
Everything else in the house is on 10.0.1 is this the problem

![2018-05-16 (1).png](/public/imported_attachments/1/2018-05-16 (1).png)
![2018-05-16 (1).png_thumb](/public/imported_attachments/1/2018-05-16 (1).png_thumb)

2018-05-16.png_thumb

KOM

Are you having an actual problem or are you just wondering about the failed test in your torrent dealie? If you're having real problems, check your firewall log to see if anything else is being blocked. I must say that I've been running qbittorrent without needing any forwards and everything works fine.

x2rl

Im just trying to open ports 60000-61000 on gateway 10.0.1.1 ip 10.0.1.10

Ive looked in the logs not sure what im looking for/at?

However in gateways im seening loads of these

May 15 16:15:38 dpinger WAN_DHCP 86.*******: sendto error: 65

Edit

May 16 15:29:56 WAN Default deny rule IPv4 (1000000103) 81.~:52442 86.***:60000 TCP:S

Guess its not open and its still blocking the ports

KOM

Post up a screen of your WAN firewall rules. Maybe the NAT definition didn't autocreate the rule.

stephenw10

Yes, we can't see if you have the port forward set to add a firewall rule automatically.

Also we can't see the title bar so can't see if there are any alerts shown. If there are and they are showing unable to load the v6 bogons table then you may not be loading the new rules because of it.
See: https://forum.pfsense.org/index.php?topic=145990.0

That should be fixed in 2.4.3_1 though.

Steve

x2rl

@KOM:

Post up a screen of your WAN firewall rules. Maybe the NAT definition didn't autocreate the rule.

ive changed the ports to 40000-41000

but here is the screenshot

![2018-05-16 (3).png](/public/imported_attachments/1/2018-05-16 (3).png)
![2018-05-16 (3).png_thumb](/public/imported_attachments/1/2018-05-16 (3).png_thumb)

x2rl

@stephenw10:

Yes, we can't see if you have the port forward set to add a firewall rule automatically.

Also we can't see the title bar so can't see if there are any alerts shown. If there are and they are showing unable to load the v6 bogons table then you may not be loading the new rules because of it.
See: https://forum.pfsense.org/index.php?topic=145990.0

That should be fixed in 2.4.3_1 though.

Steve

Was already on 60000

![2018-05-16 (4).png](/public/imported_attachments/1/2018-05-16 (4).png)
![2018-05-16 (4).png_thumb](/public/imported_attachments/1/2018-05-16 (4).png_thumb)

KOM

Post your WAN firewall rules, not your NAT rules. Firewall - Rules - WAN.

x2rl

@KOM:

Post your WAN firewall rules, not your NAT rules. Firewall - Rules - WAN.

Sorry

![2018-05-16 (7).png](/public/imported_attachments/1/2018-05-16 (7).png)
![2018-05-16 (7).png_thumb](/public/imported_attachments/1/2018-05-16 (7).png_thumb)

KOM

Looks good to me.

Next guess, is your WAN on private network space, eg. 192.168.x.x? If so, you must uncheck the Block private networks option on WAN or it will reject all RFC1918 traffic before it hits your NAT rule.

x2rl

@KOM:

Looks good to me.

Next guess, is your WAN on private network space, eg. 192.168.x.x? If so, you must uncheck the Block private networks option on WAN or it will reject all RFC1918 traffic before it hits your NAT rule.

My wan come from my virgin media modem just gives me a an ip to pfsense is this what you mean KOM? it gives 82.x.x.x.

KOM

OK, that's not it.

Post a screen of your firewall logs (with public details masked) that shows all activity during your test? Do any other NATs work for you?

stephenw10

There is >1GB that's been passed by that rule. If it's not hitting the server that a lot of unanswered requests!

You have changed from port 60000-61000 to 40000-41000, that's intentional?

In the first screenshot your client is setup for only one incoming port, 60000, not a range. Has that changed?

Block private networks will only ever block traffic sourced from a private network. Even if your WAN address is a provate IP (which it isn't) it will only block requests from other hosts in the WAN subnet, which could be legitimate.

Steve

x2rl

@KOM:

OK, that's not it.

Post a screen of your firewall logs (with public details masked) that shows all activity during your test? Do any other NATs work for you?

Think this is the correct log

![2018-05-16 (8).png](/public/imported_attachments/1/2018-05-16 (8).png)
![2018-05-16 (8).png_thumb](/public/imported_attachments/1/2018-05-16 (8).png_thumb)

stephenw10

Right, so your fiirewall rules are passing port 40000. But incoming traffic is on port 60000.

Steve

x2rl

@stephenw10:

There is >1GB that's been passed by that rule. If it's not hitting the server that a lot of unanswered requests!

What does that mean sorry?

@stephenw10:

You have changed from port 60000-61000 to 40000-41000, that's intentional?

In the first screenshot your client is setup for only one incoming port, 60000, not a range. Has that changed?

Yea it was on 40000-41000 a few days ago so I changed it back to what it was before
@stephenw10:

Block private networks will only ever block traffic sourced from a private network. Even if your WAN address is a provate IP (which it isn't) it will only block requests from other hosts in the WAN subnet, which could be legitimate.

Steve

I have no idea what that means Steve sorry im very new to all this and think im in way way to deep trying to get all this working

x2rl

@stephenw10:

Right, so your fiirewall rules are passing port 40000. But incoming traffic is on port 60000.

Steve

I think the 60000 is just because the torrents was running on that port and a few are still trying to connect.

stephenw10

On the WAN firewall rules page the 'States' column shows how much traffic has been passed by states opened by that rule. Yours shows the ~1GB has been passed so traffic is hitting that rule and being passed as expected.

It looks like you changed the port forward back to 40000-41000 but the client is still sending port 60000 or other clients out there are still trying to access it on that port at least.

You can leave the block private networks rule it's not causing a problem.

So what exactly is not working right now?

Steve

x2rl

@stephenw10:

On the WAN firewall rules page the 'States' column shows how much traffic has been passed by states opened by that rule. Yours shows the ~1GB has been passed so traffic is hitting that rule and being passed as expected.

It looks like you changed the port forward back to 40000-41000 but the client is still sending port 60000 or other clients out there are still trying to access it on that port at least.

You can leave the block private networks rule it's not causing a problem.

So what exactly is not working right now?

Steve

whats not working? loads lol

https://forum.pfsense.org/index.php?topic=146285.msg803597#msg803597
https://forum.pfsense.org/index.php?topic=147982.0

and posts 40000-41000 will not open

They open fine on 10.0.0.1 but everything on this 10.0.1.1 is not working and nothing but trouble

stephenw10

Ok but what makes you think ports 40k-41k are not open?

They look to be open to me.

Steve