Forwarding and ping from WAN dont work. (SOLVED)

Stefoo

This post is deleted!

Stefoo

IT WAS CAPTIVE PORTAL BLOCKING DEVICE TO WAN.

@johnpoz Next time I will take 3 beers. One is for you.
Thanks for helping.

johnpoz

And PEBKAC strikes again ;) This is the root cause of all port forwarding issues...

Stefoo

I dont completely agree, although this CP has made me confused not once.
While forwarding is different case, because connection is established from outside, so CP should not ask devices for rights to respond.
Maybe I am wrong.
What got me confused was that ping from WAN.
Well! Now at least that PEBKAC can sniff and diagnose a bit better ;)

Derelict

That is number 9 of things to check here:

https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html#common-problems

When I emphasize check (really check) everything there, this is what I am talking about.

It is invariably something on that list.

Stefoo

Hi,
Can I ask a bit of hinting about NAT reflection, I guess.
The case is ... I got the the forwarding to work ok. I got the DDNS to work with the forwarding ok. My ports are not 1:1, hence I forward 77 to 88.
But when I try to connect from the internal network by the domain:port it does not connect.
I guess its not connecting since the reflection is connecting to ports 77 while on the internal network services are on 88?
I tried to override that by playing with settings, but no luck.
So far have no idea what to search for to understand better the case.

Thank you again for any comments and ofc your critique.

johnpoz

Nat reflection is ALWAYS the worse option to choose.. I don't understand why anyone would ever want to nat reflect..

if host.domain.tld is on the same network next to you - then why would you not just resolve host.domain.tld to that IP.. Why would you ever want to go to the public IP to be reflected back in??

As to forwarding port X to port Y.. That is always a work around in itself to all to go to the same service with the limitation of napt and only 1 public IP, etc.

If you want to go to host.domain.tld:port then go there where host.domain.tld resolves to the local IP and not the public ip..