New pfSense vm installed, now port forwards fail
-
I just installed a new pfSense virtual machine router. Image inserted here for network topology.
I restored a backup with all my rules of port forwarding. Image inserted here for router port forwards.
However, none of my ports are available externally?
Any suggestions please?!
-
@eiger3970 I note in the network topology that the VMs are pointed to vmbr1. Vmbr1's parent is eth1. Eth1 is the LAN NIC. So, the router vm's port forwards may not address the WAN traffic, which I think the rules should be?
-
I found this article about NATs. Do I need this? https://www.sxl.net/how-to-forward-ports-to-your-virtual-machine/
-
https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html
-
Okay, tested the ports on pfSense > Diagnostics > Test Port and all ports are successful, except for 53.
Port 53 has the same rules as the other ports though? Still investigating.
-
Is my process correct, as it uses NAT?
pfSense > Firewall > NAT > Port Forward > Add > Destination > Type: any > Destination port range > from: 21 > to: 21 > Redirect target IP: 192.168.1.160 > Redirect target port: 21 > Description: FTP > Save > Apply changes > Close > test connection.
Computer needs port 21 opened, if not already open. I believe Rules can be used. Not sure what's best, however the guide https://www.netgate.com/docs/pfsense/nat/forwarding-ports-with-pfsense.html doesn't mention which one to use.
-
I added a NAT, however GRC ShieldsUP still says port 53 not open (no ports open for that matter)?
-
Well, the DNS server was not started. Unusual as it usually automatically starts.
So, intodns.com now has no DNS error.
However, www.domain.com showed error: Potential DNS Rebind attack detected. Try accessing the router by IP address instead of by hostname.
So, I disabled DNS Rebinding Checks.
Now www.domain.com opens a pfSense login page, rather than the website?
-
I noticed whilst there are Firewall rules, there are no Firewall NATs. This may be wrong, so I think I'll just recreate every NAT and hope it creates the rule automatically.
-
Okay, the problem was the router had Firewall rules and no NATs.
I deleted all the rules, created NATs and linked rules appeared. Strangely, when I access www.domain.com from inside the LAN, the pfSense login page appears, rather than the website?
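
An added example, not part of the original thread and not pfSense's own code: the state described in the last post (WAN firewall rules restored without the NAT port forwards that feed them) can be found by auditing a configuration backup. It assumes the backup is XML with `nat/rule` and `filter/rule` elements named as in the constructed sample below; `orphan_pass_rules` is a hypothetical helper name.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample; element names follow the assumed config.xml backup layout.
SAMPLE = """<pfsense>
 <nat><rule><interface>wan</interface><protocol>tcp</protocol>
  <destination><any/><port>21</port></destination>
  <target>192.168.1.160</target><local-port>21</local-port><descr>FTP</descr></rule></nat>
 <filter>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
   <destination><address>192.168.1.160</address><port>21</port></destination>
   <descr>NAT FTP</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp/udp</protocol>
   <destination><address>192.168.1.160</address><port>53</port></destination>
   <descr>DNS</descr></rule>
 </filter>
</pfsense>"""


def orphan_pass_rules(xml_text):
    """Return WAN pass rules aimed at a private host that no port forward feeds."""
    root = ET.fromstring(xml_text)
    # (redirect target IP, redirect target port) of every port forward on WAN
    have = {(r.findtext("target"), r.findtext("local-port"))
            for r in root.findall("./nat/rule") if r.findtext("interface") == "wan"}
    orphans = []
    for r in root.findall("./filter/rule"):
        addr = r.findtext("destination/address")
        port = r.findtext("destination/port")
        if r.findtext("interface") != "wan" or r.findtext("type") != "pass" or not addr:
            continue
        try:
            private = ipaddress.ip_address(addr).is_private
        except ValueError:  # alias or network name rather than a literal IP
            continue
        if private and (addr, port) not in have:
            orphans.append((r.findtext("descr"), addr, port))
    return orphans


if __name__ == "__main__":
    for descr, addr, port in orphan_pass_rules(SAMPLE):
        print(f"pass rule '{descr}' -> {addr}:{port} has no NAT port forward")
```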