Inquiry "Port forward, DMZ"

  • Hello Guys,
    I HAVE SOME QUESTIONS, PLEASE EXPLAIN THE STEPS IN THE RESPONSES.
    NB.: I USE Pfsense Ver. 2.4.4-P3 AMD AND ESXI 6.7

    1- I created a rule to open port 1194, following this explanation: https://www.informaticar.net/create-port-forwarding-on-pfsense/
    ** It did not work, and the port appears to be closed on this site: https://portchecker.co/


    2- I have a web app that is run from outside the network. Before using pfSense, I opened NAT-DMZ on the router from WAN to the local IP. Now I can't open this app.
    ** I also followed this explanation, but I could not add the third network card; I could not find the add button:
    https://www.ceos3c.com/pfsense/how-to-create-a-dmz-with-pfsense-2-4-2/?fbclid=IwAR1OE_hbtKBWMKu_VRfILYvD8WUGyVttuL5xGd8jup4dLQx2tj6QIMmHHb8


    3- I have a program that does not work in the domain environment. After installing pfSense and activating DHCP, I found in the Ethernet connection details that the connection-specific DNS suffix gets the domain I added in General, like "computername.local". I tried to remove the domain name from pfSense, but it is mandatory, and the employee can't open this program now.



  • Hi,

    1. No need to go to http://whatever.on.the.internet.tld
      Like Mercedes knows all about Mercedes cars, Netgate/pfSense knows all about pfSense: https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html

    I would open my toolbox, that is: click on "Diagnostics > Packet Capture", set up a capture on port 1194 and UDP (?), and start it.
    Then, try to connect using your remote app.
    Stop the capture.
    Look at the result: did something actually come in on your WAN (?) NIC on this 1194 port?
    If not: the problem is upstream: traffic didn't make it to pfSense.

    Read the entire checklist on the troubleshooting page: execute every step, and if you do not understand: ask.

    2. "before using Pfsense I open NAT-DMZ on the router from WAN to local IP." pfSense is not any different from any other router on planet Earth.
      You have to create a NAT rule, using incoming port, outgoing (destination) port, a 'LAN' (DMZ) IP address, and that's it.
      But if 1) applies, and nothing comes in ... well yeah .... 1 explains 2.

    3. "I have a program that does not work in the domain environment": I don't understand.
      That's a typical user that describes an error.
      You are the network admin? Start detailing what actually happens. We, from here, know nothing about your network / needs / setup.
      Give details and we figure it out.
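The capture-and-triage procedure from the reply above, written out as an added Python example (it is not code from the thread, from pfSense or from Netgate). It assumes hypothetical interface names em0 (WAN) and em1 (LAN/DMZ), constructed addresses from the documentation ranges, and a simplified tcpdump-like line format; it also extends the reply's single check (did anything hit the WAN NIC on 1194?) to the next two legs a practitioner would look at: was the traffic translated toward the DMZ host, and did the host answer.

```python
"""Added example (not from the thread): classify where a pfSense port-forward
test fails, using the packet-capture logic from the reply.

Capture lines below are CONSTRUCTED in a simplified tcpdump-like format:
  "<time> <iface> IP <src>.<sport> > <dst>.<dport>: <payload info>"
Real output from Diagnostics > Packet Capture (tcpdump) has no interface
column; adapt LINE_RE to the format you actually see.
"""
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<iface>\S+)\s+IP\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<info>.*)$"
)

# Assumed lab topology (hypothetical names and addresses, not from the thread).
WAN_IF, LAN_IF = "em0", "em1"
PUBLIC_IP = "203.0.113.10"    # pfSense WAN address (TEST-NET-3 documentation range)
DMZ_IP = "192.168.50.20"      # the web app / OpenVPN host behind the forward
CLIENT_IP = "198.51.100.7"    # remote tester (TEST-NET-2)
PORT = 1194


def parse(line):
    """Return the fields of one capture line as a dict, or None if it doesn't match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def triage(lines, port=PORT, wan_if=WAN_IF, lan_if=LAN_IF,
           public_ip=PUBLIC_IP, dmz_ip=DMZ_IP):
    """Count the three legs of a forwarded connection and name the first one that is missing.

    wan_in    : packets that hit the WAN NIC for <public_ip>:<port>
    lan_out   : the same traffic after NAT, leaving the LAN/DMZ NIC toward <dmz_ip>
    lan_reply : answers from <dmz_ip>:<port> coming back
    """
    counts = {"wan_in": 0, "lan_out": 0, "lan_reply": 0}
    for line in lines:
        p = parse(line)
        if p is None:
            continue  # skip lines that are not packets (banner, garbage)
        if p["iface"] == wan_if and p["dst"] == public_ip and int(p["dport"]) == port:
            counts["wan_in"] += 1
        elif p["iface"] == lan_if and p["dst"] == dmz_ip and int(p["dport"]) == port:
            counts["lan_out"] += 1
        elif p["iface"] == lan_if and p["src"] == dmz_ip and int(p["sport"]) == port:
            counts["lan_reply"] += 1

    if counts["wan_in"] == 0:
        verdict = "upstream"   # nothing reached pfSense: modem/ISP router, CGNAT, wrong public IP
    elif counts["lan_out"] == 0:
        verdict = "nat_rule"   # arrived on WAN but was never translated: port forward / WAN firewall rule
    elif counts["lan_reply"] == 0:
        verdict = "host"       # forwarded, but the DMZ host never answered: host firewall / service not listening
    else:
        verdict = "ok"
    return verdict, counts


# Constructed captures for the four outcomes.
CAPTURE_UPSTREAM = [
    "12:00:00.100 em0 IP 198.51.100.7.40000 > 203.0.113.10.443: Flags [S], seq 1",  # unrelated traffic only
]
CAPTURE_NAT_RULE = [
    "12:00:01.000 em0 IP 198.51.100.7.51000 > 203.0.113.10.1194: UDP, length 54",
    "12:00:02.000 em0 IP 198.51.100.7.51000 > 203.0.113.10.1194: UDP, length 54",
]
CAPTURE_HOST = CAPTURE_NAT_RULE + [
    "12:00:01.001 em1 IP 198.51.100.7.51000 > 192.168.50.20.1194: UDP, length 54",
]
CAPTURE_OK = CAPTURE_HOST + [
    "12:00:01.050 em1 IP 192.168.50.20.1194 > 198.51.100.7.51000: UDP, length 26",
]

if __name__ == "__main__":
    for name, cap in [("upstream", CAPTURE_UPSTREAM), ("nat_rule", CAPTURE_NAT_RULE),
                      ("host", CAPTURE_HOST), ("ok", CAPTURE_OK)]:
        print(name, triage(cap))
```

Run two captures in practice, one on the WAN interface and one on the LAN/DMZ interface, both filtered on the forwarded port, and feed the lines in; the verdict tells you which side to keep working on. A "nat_rule" result is the case the reply calls "1 explains 2" in reverse: traffic does arrive, so the port forward itself (destination set to the WAN address, correct protocol, and the associated firewall rule on WAN) is what to re-check.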