Netgate Discussion Forum

    New pfSense vm installed, now port forwards fail

    Firewalling
    • eiger3970

      I just installed a new pfSense virtual machine router. Image inserted here for network topology.
      I restored a backup with all my rules of port forwarding. Image inserted here for router port forwards.
      However, none of my ports are available externally?
      Any suggestions please?!

        • eiger3970 @eiger3970

        @eiger3970 I note in the network topology that the VMs are pointed to vmbr1. Vmbr1's parent is eth1. Eth1 is the LAN NIC. So, the router vm's port forwards may not address the WAN traffic, which I think the rules should be?

          • eiger3970

          I found this article about NATs. Do I need this? https://www.sxl.net/how-to-forward-ports-to-your-virtual-machine/

            • Grimson

            https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html

              • eiger3970

              Okay, tested the ports on pfSense > Diagnostics > Test Port and all ports are successful, except for 53.
              Port 53 has the same rules as the other ports though? Still investigating.

                • eiger3970

                Is my process correct, as it uses NAT?
                pfSense > Firewall > NAT > Port Forward > Add > Destination > Type: any > Destination port range > from: 21 > to: 21 > Redirect target IP: 192.168.1.160 > Redirect target port: 21 > Description: FTP > Save > Apply changes > Close > test connection.
                Computer needs port 21 opened, if not already open.

                I believe Rules can be used. Not sure what's best, however the guide https://www.netgate.com/docs/pfsense/nat/forwarding-ports-with-pfsense.html doesn't mention which one to use.

                  • eiger3970

                  I added a NAT, however GRC ShieldsUP still says port 53 not open (no ports open for that matter)?

                    • eiger3970

                    Well, the DNS server was not started. Unusual as it usually automatically starts.
                    So, intodns.com now has no dns error.
                    However, www.domain.com showed error: Potential DNS Rebind attack detected. Try accessing the router by IP address instead of by hostname.
                    So, I disabled DNS Rebinding Checks.
                    Now www.domain.com opens a pfSense login page, rather than the website?

                      • eiger3970

                      I noticed whilst there are Firewall rules, there are no Firewall NATs. This may be wrong, so I think I'll just recreate every NAT and hope it creates the rule automatically.

                        • eiger3970

                        Okay, the problem was the router had Firewall rules and no NATs.
                        I deleted all the rules, created NATs and linked rules appeared.

                        Strangely, when I access www.domain.com from inside the LAN, the pfSense login page appears, rather than the website?

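Added example, not part of the thread: a Python check for the condition described in the last post, where WAN pass rules point at an internal host but no NAT port forward exists for it. The config fragment is constructed, and the element names are assumed to follow the layout of a pfSense config.xml backup; the function name is hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed fragment; element names are an assumption about config.xml.
SAMPLE_CONFIG = """<pfsense>
  <nat><rule>
    <interface>wan</interface><protocol>tcp</protocol>
    <destination><network>wanip</network><port>21</port></destination>
    <target>192.168.1.160</target><local-port>21</local-port>
  </rule></nat>
  <filter>
    <rule><type>pass</type><interface>wan</interface><descr>FTP</descr>
      <destination><address>192.168.1.160</address><port>21</port></destination>
    </rule>
    <rule><type>pass</type><interface>wan</interface><descr>DNS</descr>
      <destination><address>192.168.1.160</address><port>53</port></destination>
    </rule>
  </filter>
</pfsense>"""


def orphaned_wan_rules(xml_text):
    """Return WAN pass rules to a private IP that no port forward covers."""
    root = ET.fromstring(xml_text)
    # (internal target, internal port) pairs that NAT actually translates to
    forwarded = {(r.findtext("target"), r.findtext("local-port"))
                 for r in root.findall("./nat/rule")}
    orphans = []
    for rule in root.findall("./filter/rule"):
        if rule.findtext("interface") != "wan" or rule.findtext("type") != "pass":
            continue
        addr = rule.findtext("destination/address")
        port = rule.findtext("destination/port")
        try:
            private = ipaddress.ip_address(addr).is_private
        except (TypeError, ValueError):
            continue  # alias, keyword or "any": not a literal host address
        # A private address is unreachable from the WAN without translation,
        # so a pass rule alone never opens the port externally.
        if private and (addr, port) not in forwarded:
            orphans.append((rule.findtext("descr"), addr, port))
    return orphans


if __name__ == "__main__":
    for descr, addr, port in orphaned_wan_rules(SAMPLE_CONFIG):
        print(f"pass rule '{descr}' -> {addr}:{port} has no port forward")
```
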