pfsense blocking TCP:S when port forwarding for Plex

Username_1 · Apr 19, 2019, 4:53 PM

I am running 2.4.4-RELEASE-p2.

I have a NAT rule set up to pass traffic over port 32400 to my internal Plex server.

When I go to the application to configure the remote access it appears to work initially and then dies.

Afterwards I see blocks in my firewall logs blocking TCP:S trying to communicate to this server.

If I enable 1:1 NAT with the firewall rules it works, but if I disable 1:1 it doesn't.

Here is the log entry showing the TCP:S block

The following are my NAT and FW rules.

I am not entirely sure what I am missing here.

Username_1 · Apr 19, 2019, 4:59 PM

Just realized I used slightly older screenshots. Source port range is any/any

Derelict · Apr 19, 2019, 5:38 PM

Show us where it shows it's blocking it.

Show the NAT rule.

jimp · Apr 19, 2019, 5:54 PM

Is the destination address shown in your block log entry the WAN IP address? Or a VIP? Try setting it specifically on the NAT rule instead of using the interface address macro.

Username_1 · Apr 19, 2019, 5:56 PM

@Derelict It's being blocked in the first image.

Here is the expanded NAT rule

Derelict · Apr 19, 2019, 5:56 PM

Yeah NAT is obviously not happening there for some reason so something is not matching in the NAT rule. Since 1:1 works it is probably something to do with the ports.

If that logged block was from when a source port was configured that would certainly cause that.

Derelict · Apr 19, 2019, 5:57 PM

Your destination host needs to be the outside address. The target IP is the inside address.

Username_1 · Apr 19, 2019, 5:59 PM

@Derelict That was exactly it.

Thanks for catching that!

Derelict · Apr 19, 2019, 6:00 PM

Port forwarding 101, man.

https://www.netgate.com/docs/pfsense/nat/forwarding-ports-with-pfsense.html