Port forwarding some port will work and some are port are not. please help
-
here's my setup
NAT
WAN TCP/UDP * * WAN address 8007 192.168.1.59 8007 TEST
RULES
0 /4 KiB IPv4 TCP/UDP * * 192.168.1.59 8007 * none NAT TESTResult:
https://www.canyouseeme.org/ port (8007)
Reason: Connection timed outBut
NAT
Actions WAN TCP/UDP * * WAN address 3389 (MS RDP) 192.168.1.59 3389 (MS RDP) TESTRULES
Actions
0 /4 KiB IPv4 TCP/UDP * * 192.168.1.59 3389 (MS RDP) * none NAT TESTResult:
https://www.canyouseeme.org/ port (8007)
(3389)
Your ISP is not blocking port 3389
SUCCESSMay I ask.. how is that possible?
please help, im doing my port forwarding. -
There are few things that could cause this, 1st one destination .59 not even listening on 8007.. Or maybe its only UDP? you can not test udp with canyouseeme
2nd maybe firewall blocking on .59 for 8007 from remote IP, while rdp is not being blocked.
I would suggest you go through the troubleshooting guide to find out where the problem is.
https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html -
First: my protocol is TCP/UDP, then my common router can forward 8010(my CCTV) or even 9100(for my application) flawlessly.
in my pfsense cannot. only 3389
Second: my pc firewall is already turn off. in my pfsense its fresh installed. dont have yet snort or suricata.
after the installation of my pfsense, i tried directly port forwarding.(only port forwarding so that we can isolate the issues).
PLEASE HELP ME. -
I blame your ISP.
-
And did you validate the tcp traffic on port 8007 actually gets to pfsense wan? This is really step one, because if it doesn't get there pfsense can not forward it ;)
-
chpalmer => pfsense and my common router same ISP but different public ip add, im planning to use pfsense after successfull port forwarding.
johnpoz => ill try to check and switch to port 9100.
-
Here's the result packet capture on port 9100
10:02:54.107551 IP 52.202.215.126.40022 > 122.xx.xx.xx.9100: tcp 0
10:02:55.104416 IP 52.202.215.126.40022 > 122.xx.xx.xx.9100: tcp 0
10:02:57.109528 IP 52.202.215.126.40022 > 122..xx.xx.xx.9100: tcp 0
10:03:01.113338 IP 52.202.215.126.40022 > 122.xx.xx.xx.9100: tcp 0
10:03:04.815144 IP 52.202.215.126.40037 > 122.xx.xx.xx9100: tcp 0
10:03:05.813596 IP 52.202.215.126.40037 > 122.xx.xx.xx9100: tcp 0
10:03:07.817481 IP 52.202.215.126.40037 > 122.xx.xx.xx9100: tcp 0
10:03:11.825342 IP 52.202.215.126.40037 > 122.xx.xx.xx9100: tcp 0i used TCP only and check canyouseeme.org
-
Ok so 9100 gets to your wan... So does it get sent out your lan to what your trying to forward to?
-
Not yet active.. but an application the will receive data from android.
-
here's my pc configuration
IPv4 Address. . . . . . . . . . . : 192.168.1.59
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . 192.168.1.1 -
ill post here if already active and the port still not open. thanks
-
Hi,
port forward still fail.maybe i will just reinstall it again,
-
Reinstall what? Do you see pfsense sending the traffic to where you are forwarding? Once you validated it gets to pfsense wan.. If you see go to your device IP, and no answer its not pfsense.. If you don't see it go to the device, but you do see it hit the wan - then you have something wrong in the forwarding..
Go through the guide linked to, finding where the problem is should only take total of about 2 minutes!
What I can tell you in the 10 some years on this forum, is that it is always PEBKAC!! In the prob 1000's of posts have been involved in with port forwarding - I do not recall once ever seeing an issue that was actually an issue with a pfsense. It is always a mistake made in the forwarding, or the traffic doesn't even get there, or the device sending to is not even listening, or they sending to the wrong device, or the device is not using pfsense as its gateway. Or the device is running a firewall, etc.. All of which is listed in the guide to check!
-
@johnpoz said in Port forwarding some port will work and some are port are not. please help:
I do not recall once ever seeing an issue that was actually an issue with a pfsense.
Got one for you right here. They do exist!
https://forum.netgate.com/topic/150008/port-forward-on-one-interface-incorrectly-triggers-forward-on-another -
@johnpoz said in Port forwarding some port will work and some are port are not. please help:
I do not recall once ever seeing an issue that was actually an issue with a pfsense.
Got one for you right here.
Well technically.. since your post was almost two hours after his response he is right. Your post there is new and the issue not proven or tested by others yet. But any talk about that issue should only happen on your post there.
-
@chpalmer said in Port forwarding some port will work and some are port are not. please help:
@johnpoz said in Port forwarding some port will work and some are port are not. please help:
I do not recall once ever seeing an issue that was actually an issue with a pfsense.
Got one for you right here.
Well technically.. since your post was almost two hours after his response he is right. Your post there is new and the issue not proven or tested by others yet. But any talk about that issue should only happen on your post there.
Well technically...he is right regardless of when my post was made. I have no doubt @johnpoz is correct when he says he's never seen an issue that was a problem with pfSense itself. However, I do somewhat question his 10-year experience as I have seen a couple of non-PEBKAC's just lurking here over the years.
Did I say he was wrong about anything? No. Did I discuss the issue, or merely just link to it in case he (or anyone else, for that matter) was interested? Yeah that's what I thought. None of those things happened, yet you felt the need to chime in anyways.
You self-appointed forum nannies make me sick sometimes.
-
You saying X, doesn't mean its actually TRUE! I have seen countless people saying they have found a bug.. Vast majority of time its PEBAC!!
Until you actually show what you seeing, and others can duplicate it its not anything...
-
@KnowledgeAddict024 said in Port forwarding some port will work and some are port are not. please help:
I do doubt his 10-year experience as I have seen
LOL.. I started using and browsing in around 2007.. and Id say Id agree with his statement. But hey.. Go back to your thread over there and help everyone understand.
Ive had servers here for all that time working as advertised.
-
@johnpoz Then go to the topic and prove me wrong
-
@johnpoz Vast majority =/= always PEBKAC as you stated before
-
@KnowledgeAddict024 said in Port forwarding some port will work and some are port are not. please help:
@johnpoz Then go to the topic and prove me wrong
He was there over 12 minutes ago.
-
i just follow this intruction.
check this out if there's a problem regarding on this.
https://www.youtube.com/watch?v=3-DU47zDrQk -
That doesn't tell us what you actually did... You HAVE to show us what you actually did, if you want help figuring out what you did wrong.
Again!! Simple enough to sniff, takes all of 2 freaking seconds.. Traffic hits wan, traffic gets sent out lan or it doesn't If it does.. Then problem is not pfsense..
-
ok ill post it later.
thanks a lot really appreciated -
Here I did a quick test to show you how easy this is to validate...
Using canyouseeme, I sent tcp traffic to port 8007... You can see it gets to my wan.. I then setup a port forward for 8007 to my machine. Which is NOT listening on 8007, but still works for testing port forward as far as pfsense is concerned.
I then sniffed on lan interface for port 8007, and my machines IP... You can see the traffic is sent - but then the answer is RST!! So to canyouseeme its connection refused.. But pfsense did what I told it to, it forwarded the traffic to that IP...
So you need to validate if pfsense is sending it or not.. Once pfsense sends it - pfsense is doing what you told it to do.. If you whatever is not working.. There is something else wrong, ie PEBKAC...
Here is the RST my client sends back..
Your client may or may not do this, but if you see pfsense send the traffic to the port you forwarded to the IP you sent it too, then pfsense did its forwarding.. And your issue is elsewhere.
-
@johnpoz thanks a lot it work, its PEBKAC, i study it carefully each every menu of the pfsense. thank you so much. everything in pfsense error occur it's only PEBKAC, so advised those who read this, study pfsense first before asking.. thanks
-
So what did you do wrong exactly for the next guy..
And I told ya ;)
-
@johnpoz Please dont stop ang get tired of helping me. thanks
-
@johnpoz good day,
i did 5 ports for port forwarding, but only 8011 did not open, 8011t goes to my wan and lan,i did packet capturing, 8010 was open ony 8011 did not open..
please help
-
@kiancloud said in Port forwarding some port will work and some are port are not. please help:
to my wan and lan
So if the port goes out your LAN - its on your device... Has ZERO to do with pfsense, ZERO!!! Have already been over this!!
-
@johnpoz thanks, its working now.
