Port forwarding stopped working

MrGrimod

I've my portforwarding set up as always and it has been working for quite a long time. But yesterday it stopped working, I've already checked everything and the problem is definitly the pfsense system. I already went though the troubleshooting guide (https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html) and Nat reflection is enabled. I will post a pic. of all configs and Packet Capture.

Packet Capture on port 80 with my public IP as host:

18:04:56.688659 IP 192.168.178.26.62774 > 217.226.185.179.80: tcp 0
18:04:56.688884 IP 192.168.178.26.22130 > 217.226.185.179.80: tcp 0
18:04:56.940353 IP 192.168.178.26.3410 > 217.226.185.179.80: tcp 0
18:04:59.689031 IP 192.168.178.26.62774 > 217.226.185.179.80: tcp 0
18:04:59.689881 IP 192.168.178.26.22130 > 217.226.185.179.80: tcp 0
18:04:59.940878 IP 192.168.178.26.3410 > 217.226.185.179.80: tcp 0
18:05:05.690637 IP 192.168.178.26.62774 > 217.226.185.179.80: tcp 0
18:05:05.691508 IP 192.168.178.26.22130 > 217.226.185.179.80: tcp 0
18:05:05.941865 IP 192.168.178.26.3410 > 217.226.185.179.80: tcp 0
18:05:17.821561 IP 192.168.178.26.11430 > 217.226.185.179.80: tcp 0
18:05:17.945772 IP 192.168.178.26.41257 > 217.226.185.179.80: tcp 0
18:05:20.821952 IP 192.168.178.26.11430 > 217.226.185.179.80: tcp 0
18:05:20.946620 IP 192.168.178.26.41257 > 217.226.185.179.80: tcp 0

Derelict

If that is all you are seeing, that is outbound traffic from your WAN address to 217.226.185.179:80 (probably connections from inside hosts after outbound NAT has been applied) and would have nothing to do with inbound traffic that might activate the port forward.

If that is all the traffic that you are seeing, then I suspect point 5 under common problems here:

https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html

Check (really actually check) everything there.

MrGrimod

It's none of the Common Problems...

Grimson

The WAN IP is in private space and assigned via DHCP, so check your upstream device and make sure it's forwarding the ports to the correct IP. I highly doubt it's a pfSense issue, more likely PEBCAK or your ISP decided to block the ports.

Derelict

@mrgrimod said in Port forwarding stopped working:

It's none of the Common Problems...

If that is the only traffic you see and you never see any connection attempts inbound, there is nothing for pfSense to forward as outlined in the above post by @Grimson.

(It's always one of the things listed in common problems)

MrGrimod

The upstream device is a Fritzbox. The PFsense router is registred as exposed host but as you can see on the image, there are 0 ports opened.

Derelict

Then we'll need to see a packet capture on WAN that shows the connection attempts arriving. Then we can go from there.

MrGrimod

192.168.178.26 is the pfsense machine in the fritzbox network and 217.226.185.179 is public ISP IP.

19:53:05.205450 IP 192.168.178.26.56150 > 217.226.185.179.80: tcp 0
19:53:05.205455 IP 192.168.178.26.48573 > 217.226.185.179.80: tcp 0
19:53:05.456390 IP 192.168.178.26.19109 > 217.226.185.179.80: tcp 0
19:53:08.205171 IP 192.168.178.26.56150 > 217.226.185.179.80: tcp 0
19:53:08.205173 IP 192.168.178.26.48573 > 217.226.185.179.80: tcp 0
19:53:08.457638 IP 192.168.178.26.19109 > 217.226.185.179.80: tcp 0
19:53:09.199222 IP 192.168.178.26.31156 > 93.184.220.29.80: tcp 0
19:53:09.222688 IP 93.184.220.29.80 > 192.168.178.26.31156: tcp 0
19:53:09.236064 IP 192.168.178.26.31156 > 93.184.220.29.80: tcp 0
19:53:09.875613 IP 192.168.178.26.39928 > 52.22.66.41.80: tcp 371
19:53:09.995460 IP 52.22.66.41.80 > 192.168.178.26.39928: tcp 140
19:53:10.037012 IP 192.168.178.26.39928 > 52.22.66.41.80: tcp 0
19:53:14.205318 IP 192.168.178.26.48573 > 217.226.185.179.80: tcp 0
19:53:14.205320 IP 192.168.178.26.56150 > 217.226.185.179.80: tcp 0
19:53:14.460160 IP 192.168.178.26.19109 > 217.226.185.179.80: tcp 0
19:53:26.845657 IP 192.168.178.26.56136 > 192.168.178.1.80: tcp 1
19:53:26.845969 IP 192.168.178.1.80 > 192.168.178.26.56136: tcp 0
19:53:26.846657 IP 192.168.178.26.18481 > 192.168.178.1.80: tcp 1
19:53:26.846968 IP 192.168.178.1.80 > 192.168.178.26.18481: tcp 0
19:53:38.899873 IP 192.168.178.26.65211 > 192.168.178.1.80: tcp 1
19:53:38.900188 IP 192.168.178.1.80 > 192.168.178.26.65211: tcp 0
19:53:38.908871 IP 192.168.178.26.43649 > 192.168.178.1.80: tcp 1
19:53:38.908873 IP 192.168.178.26.15656 > 192.168.178.1.80: tcp 1
19:53:38.909182 IP 192.168.178.1.80 > 192.168.178.26.43649: tcp 0
19:53:38.909306 IP 192.168.178.1.80 > 192.168.178.26.15656: tcp 0
19:53:38.909872 IP 192.168.178.26.11147 > 192.168.178.1.80: tcp 1
19:53:38.910181 IP 192.168.178.1.80 > 192.168.178.26.11147: tcp 0
19:53:39.644712 IP 192.168.178.26.19131 > 23.59.69.2.80: tcp 0
19:53:39.666361 IP 23.59.69.2.80 > 192.168.178.26.19131: tcp 0
19:53:39.669551 IP 192.168.178.26.19131 > 23.59.69.2.80: tcp 0
19:53:39.669553 IP 192.168.178.26.19131 > 23.59.69.2.80: tcp 338
19:53:39.691494 IP 23.59.69.2.80 > 192.168.178.26.19131: tcp 0
19:53:39.692075 IP 23.59.69.2.80 > 192.168.178.26.19131: tcp 381
19:53:39.756985 IP 192.168.178.26.19131 > 23.59.69.2.80: tcp 0

Derelict

That is still showing zero traffic sourced from the internet to destination 192.168.178.26 TCP port 80, which would be the Pre-NAT destination address and port for inbound connections. Without that traffic arriving on WAN, there is nothing to forward.

You would see something like this on WAN:

19:53:09.199222 IP 93.184.234.213.31156 > 192.168.178.26.80: tcp 0

It would look like this on LAN (after the port forward):

19:53:09.199222 IP 93.184.234.213.31156 > 192.168.5.51.80: tcp 0

Still leaves us at point 5 under common problems. Something upstream not sending the traffic to you.

MrGrimod

Ok, I found the problem. It was the internet gateway or upstream(as you said). I reinstalled the OS and the exposed host function worked again. For some reason it still shows 0 opened port, but hey it works! Thanks for your quick and professional help!