Server Not Accessible from Internet (Port Blocked)



  • Static IP > ISP Router > Server NIC (PFSense)
    Public IP > 192.168.3.x > 192.168.3.21 (DHCP enabled)

    Due to the setup in our office, my ISP cannot remove or bridge the router, so my WAN address is an internal 192.168.3.X.

    I simply want pfSense to forward the web ports to a webserver we have, but I simply cannot get it to work. I have tried an external port checker and it shows port 80 is closed.

    If I put my own office router in, it works perfectly, but without the pfSense firewall.
    Static IP > ISP Router > Office Router > Webserver - port forwarding to the web server works fine

    I'm running pfSense on a virtual machine and have put it on the same virtual switch as the webservers in the hope of getting it running before I attempt to put them on their own DMZ network.

    I can access the server by internal IP and the internal network can browse the internet. The server can also ping external networks.

    I'm lost at what to try next, any ideas?


    Configs:
    [configuration screenshots]


  • LAYER 8 Netgate

    https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html

    Notice how the counters on those rules are 0/0. That indicates the traffic isn't even arriving on WAN.



  • Yes, I used an external port checker, which shows they are blocked, hence no traffic.

    I have tried split DNS, NAT reflection, and checking the firewall logs, but to no avail over 3 days.

    Very strange that I can replace pfSense with my standard router and there are no issues - all required ports open.

    Being new to pfSense, the only thing I thought it could be was that the destination was wrong on the NAT port forward - should this be set to my external IP rather than WAN?


  • LAYER 8 Netgate

    Your port forwards look fine. You are replacing a presumably physical router with a VM. Maybe there's something wrong with how you configured that infrastructure.

    The problem is likely the traffic is not arriving on WAN at all. pfSense cannot act on traffic it never sees on its interfaces. Check (really check) everything in that troubleshooting doc.
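
The zero-counter check discussed above can be run against the text output of `pfctl -vvsr` on the firewall. This is an added example, not part of any post in the thread; the sample output, the interface names `em0`/`em1`, the address `10.0.0.10` and the rule labels are constructed for illustration.

```python
import re

# Constructed sample in the shape of `pfctl -vvsr` output (not from the thread).
SAMPLE = '''\
@70(1530000001) pass in quick on em0 inet proto tcp from any to 10.0.0.10 port = http flags S/SA keep state label "USER_RULE: NAT web HTTP"
  [ Evaluations: 312       Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 4321 State Creations: 0     ]
@71(1530000002) pass in quick on em0 inet proto tcp from any to 10.0.0.10 port = https flags S/SA keep state label "USER_RULE: NAT web HTTPS"
  [ Evaluations: 312       Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 4321 State Creations: 0     ]
@72(1530000003) pass in quick on em1 inet from 10.0.0.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"
  [ Evaluations: 5120      Packets: 88213     Bytes: 61200345    States: 14    ]
  [ Inserted: uid 0 pid 4321 State Creations: 977   ]
'''

RULE = re.compile(r'^@(\d+)(?:\(\d+\))?\s+(.*)$')
COUNTERS = re.compile(
    r'Evaluations:\s*(\d+)\s+Packets:\s*(\d+)\s+Bytes:\s*(\d+)\s+States:\s*(\d+)')
LABEL = re.compile(r'label "([^"]*)"')


def parse_rules(text):
    """Pair each '@N rule' line with the counter line that follows it."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            label = LABEL.search(m.group(2))
            rules.append({"num": int(m.group(1)), "rule": m.group(2),
                          "label": label.group(1) if label else ""})
            continue
        c = COUNTERS.search(line)
        if c and rules:
            keys = ("evaluations", "packets", "bytes", "states")
            rules[-1].update(zip(keys, map(int, c.groups())))
    return rules


def unmatched_pass_rules(text, iface):
    """Labels of inbound pass rules on iface that never matched a packet."""
    return [r["label"] for r in parse_rules(text)
            if r["rule"].startswith("pass in") and f" on {iface} " in r["rule"]
            and r.get("packets") == 0 and r.get("states") == 0]


if __name__ == "__main__":
    for label in unmatched_pass_rules(SAMPLE, "em0"):
        print("no traffic has matched:", label)
```

If every forwarded-port rule on WAN is listed while LAN rules show traffic, the packets are being dropped or misdirected upstream of pfSense (ISP router forwarding, virtual switch wiring), not by the rules themselves.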



  • Normally you would have 2 vSwitches, one for WAN and one for LAN. Then you create a pfSense VM with two NICs, one on the WAN switch, the other on the LAN switch. You connect the WAN switch to your physical NIC and your VMs all connect to the LAN switch.

