Netgate Discussion Forum

    Port forwarding help needed

      stomp442

      I downloaded and successfully installed the 1.2.2 VMware appliance. No problems getting it to connect to my ISP.

      My config is basically this:

      ISP <-> VMWare Appliance <-> My LAN

      The VM is installed on VMWare Server 2.0, hosted by Centos 5.2.

      My problem is that any ports I try to open never open up. Meaning, if I want to open 20/21 for FTP traffic, I create the necessary rule(s) and NAT rules as well, routing the traffic to my FTP server. At first I thought: "HEY! It's the firewall on my host OS that's blocking the traffic." So I punched out 20 and 21 on the host's firewall. And nothing. So I completely disabled my host firewall. And nothing.

      I probably should have mentioned that the connection to my ISP is via a Touchstone Telephony modem (Wide Open West). I've tried to reset the modem, but I'm not convinced that it still doesn't retain the MAC address that I'd put.

      I then tried several MACs, both real and spoofed. Both have the same result: No open ports.

      Any thoughts?

      I can post config info, screenshots, etc.

      Thanks.

        kalidin74

        A few suggestions…

        1. Create a wide open rule to ensure it's nothing there.
        2. If you are using a Virtual IP (strongly suggested) make sure you are using the ARP/Proxy version.
        3. Create a logging rule to see if the packet is making it to the pfSense box.

          stomp442

          @kalidin74:

          A few suggestions…

          1. Create a wide open rule to ensure it's nothing there.
          Already did that. And still denied access. I'm using www.canyouseeme.org to test port availability. Any scans that I've run from there, to my firewall, time out.
          2. If you are using a Virtual IP (strongly suggested) make sure you are using the ARP/Proxy version.
          Give me the quick and dirty (or not so dirty) reasoning behind a Virtual IP vs. the physical one. Thanks.
          3. Create a logging rule to see if the packet is making it to the pfSense box.
          I'm an idiot, have not tried that. Will try tonight when I get home. Will post more info then.

          I'm still wondering if it might be a case of the MAC address that is stored in my Touchstone.

            stomp442

            @kalidin74:

            A few suggestions…

            1. Create a wide open rule to ensure it's nothing there.
            2. If you are using a Virtual IP (strongly suggested) make sure you are using the ARP/Proxy version.
            3. Create a logging rule to see if the packet is making it to the pfSense box.

            No entries were created when I tried routing FTP requests to a specific address. Tried to allow all FTP requests to pass without a specific path, and nothing in the logs. Which tells me that my cable modem is standing in the way.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.