Port forwarding some port will work and some are port are not. please help

kiancloud

here's my setup
NAT
WAN TCP/UDP * * WAN address 8007 192.168.1.59 8007 TEST
RULES
0 /4 KiB IPv4 TCP/UDP * * 192.168.1.59 8007 * none NAT TEST

Result:
https://www.canyouseeme.org/ port (8007)
Reason: Connection timed out

But
NAT
Actions WAN TCP/UDP * * WAN address 3389 (MS RDP) 192.168.1.59 3389 (MS RDP) TEST

RULES
Actions
0 /4 KiB IPv4 TCP/UDP * * 192.168.1.59 3389 (MS RDP) * none NAT TEST

Result:
https://www.canyouseeme.org/ port (8007)
(3389)
Your ISP is not blocking port 3389
SUCCESS

May I ask.. how is that possible?
please help, im doing my port forwarding.

johnpoz

There are few things that could cause this, 1st one destination .59 not even listening on 8007.. Or maybe its only UDP? you can not test udp with canyouseeme

2nd maybe firewall blocking on .59 for 8007 from remote IP, while rdp is not being blocked.

I would suggest you go through the troubleshooting guide to find out where the problem is.
https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html

kiancloud

First: my protocol is TCP/UDP, then my common router can forward 8010(my CCTV) or even 9100(for my application) flawlessly.
in my pfsense cannot. only 3389
Second: my pc firewall is already turn off. in my pfsense its fresh installed. dont have yet snort or suricata.
after the installation of my pfsense, i tried directly port forwarding.(only port forwarding so that we can isolate the issues).
PLEASE HELP ME.

chpalmer

I blame your ISP.

johnpoz

And did you validate the tcp traffic on port 8007 actually gets to pfsense wan? This is really step one, because if it doesn't get there pfsense can not forward it ;)

kiancloud

chpalmer => pfsense and my common router same ISP but different public ip add, im planning to use pfsense after successfull port forwarding.

johnpoz => ill try to check and switch to port 9100.

kiancloud

Here's the result packet capture on port 9100

10:02:54.107551 IP 52.202.215.126.40022 > 122.xx.xx.xx.9100: tcp 0
10:02:55.104416 IP 52.202.215.126.40022 > 122.xx.xx.xx.9100: tcp 0
10:02:57.109528 IP 52.202.215.126.40022 > 122..xx.xx.xx.9100: tcp 0
10:03:01.113338 IP 52.202.215.126.40022 > 122.xx.xx.xx.9100: tcp 0
10:03:04.815144 IP 52.202.215.126.40037 > 122.xx.xx.xx9100: tcp 0
10:03:05.813596 IP 52.202.215.126.40037 > 122.xx.xx.xx9100: tcp 0
10:03:07.817481 IP 52.202.215.126.40037 > 122.xx.xx.xx9100: tcp 0
10:03:11.825342 IP 52.202.215.126.40037 > 122.xx.xx.xx9100: tcp 0

i used TCP only and check canyouseeme.org

johnpoz

Ok so 9100 gets to your wan... So does it get sent out your lan to what your trying to forward to?

kiancloud

Not yet active.. but an application the will receive data from android.

kiancloud

here's my pc configuration
IPv4 Address. . . . . . . . . . . : 192.168.1.59
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . 192.168.1.1

kiancloud

ill post here if already active and the port still not open. thanks

kiancloud

Hi,
port forward still fail.

maybe i will just reinstall it again,

johnpoz

Reinstall what? Do you see pfsense sending the traffic to where you are forwarding? Once you validated it gets to pfsense wan.. If you see go to your device IP, and no answer its not pfsense.. If you don't see it go to the device, but you do see it hit the wan - then you have something wrong in the forwarding..

Go through the guide linked to, finding where the problem is should only take total of about 2 minutes!

What I can tell you in the 10 some years on this forum, is that it is always PEBKAC!! In the prob 1000's of posts have been involved in with port forwarding - I do not recall once ever seeing an issue that was actually an issue with a pfsense. It is always a mistake made in the forwarding, or the traffic doesn't even get there, or the device sending to is not even listening, or they sending to the wrong device, or the device is not using pfsense as its gateway. Or the device is running a firewall, etc.. All of which is listed in the guide to check!

KnowledgeAddict024

@johnpoz said in Port forwarding some port will work and some are port are not. please help:

I do not recall once ever seeing an issue that was actually an issue with a pfsense.

Got one for you right here. They do exist!
https://forum.netgate.com/topic/150008/port-forward-on-one-interface-incorrectly-triggers-forward-on-another

chpalmer

@johnpoz said in Port forwarding some port will work and some are port are not. please help:

I do not recall once ever seeing an issue that was actually an issue with a pfsense.

Got one for you right here.

Well technically.. since your post was almost two hours after his response he is right. Your post there is new and the issue not proven or tested by others yet. But any talk about that issue should only happen on your post there.

KnowledgeAddict024

@chpalmer said in Port forwarding some port will work and some are port are not. please help:

@johnpoz said in Port forwarding some port will work and some are port are not. please help:

I do not recall once ever seeing an issue that was actually an issue with a pfsense.

Got one for you right here.

Well technically.. since your post was almost two hours after his response he is right. Your post there is new and the issue not proven or tested by others yet. But any talk about that issue should only happen on your post there.

Well technically...he is right regardless of when my post was made. I have no doubt @johnpoz is correct when he says he's never seen an issue that was a problem with pfSense itself. However, I do somewhat question his 10-year experience as I have seen a couple of non-PEBKAC's just lurking here over the years.

Did I say he was wrong about anything? No. Did I discuss the issue, or merely just link to it in case he (or anyone else, for that matter) was interested? Yeah that's what I thought. None of those things happened, yet you felt the need to chime in anyways.

You self-appointed forum nannies make me sick sometimes.

johnpoz

You saying X, doesn't mean its actually TRUE! I have seen countless people saying they have found a bug.. Vast majority of time its PEBAC!!

Until you actually show what you seeing, and others can duplicate it its not anything...

chpalmer

@KnowledgeAddict024 said in Port forwarding some port will work and some are port are not. please help:

I do doubt his 10-year experience as I have seen

LOL.. I started using and browsing in around 2007.. and Id say Id agree with his statement. But hey.. Go back to your thread over there and help everyone understand.

Ive had servers here for all that time working as advertised.

KnowledgeAddict024

@johnpoz Then go to the topic and prove me wrong

KnowledgeAddict024

@johnpoz Vast majority =/= always PEBKAC as you stated before