Netgate Discussion Forum

    WAN open ports problem

    pfBlockerNG
    8 Posts 2 Posters 849 Views
    • M
      manuelgop
      last edited by

      Hi, sorry for posting this, but I am having a hard time making the whitelist work properly.

      I have some WAN ports open and configured in the NAT section (Forwarding).

      Since one client asked me to block all incoming connections from other parts of the world except Mexico, I installed pfBlockerNG and denied all incoming traffic for the rest of the world.

      But I have some VPS (4) in North America that need to access the open ports.

      I have been reading about the IPv4 section and created an alias list there, but I am doing something wrong since it is not working, not even in Alias Native; even after moving a custom rule I created to the top, it does not work.

      Hope you can help me with this.

      Thanks.

      • S
        SteveITS Galactic Empire
        last edited by

        Did you run the pfBlocker update so it would generate the lists and aliases?

        When you configured the NAT forwarding did you use a pfBlocker alias as the source or is the source Any?

        Perhaps post screenshots of your NAT forward and the relevant firewall rules.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        • M
          manuelgop
          last edited by

          @manuelgop said in WAN open ports problem:

          ut I have some VPS(4) in North America that need to

          Thank you for your response.

          I looked and my rule containing the pfB_AllowList was moved all the way down. I have reassigned it to the top but it does not work either.
          If I put my cursor over pfB_AllowList it shows the IP address I want to be whitelisted.

          The source in the NAT config is Any.
          Added NAT forward and firewall rules.
          Screen Shot 2020-04-28 at 9.03.52 AM.png

          Screen Shot 2020-04-28 at 8.57.40 AM.png

          Screen Shot 2020-04-28 at 8.55.04 AM.png

          • M
            manuelgop @SteveITS
            last edited by

            @teamits said in WAN open ports problem:

            or
            @manuelgop said in WAN open ports problem:
            ut I have some VPS(4) in North America that need to

            Thank you for your response.

            I looked and my rule containing the pfB_AllowList was moved all the way down. I have reassigned it to the top but it does not work either.
            If I put my cursor over pfB_AllowList it shows the IP address I want to be whitelisted.

            The source in the NAT config is Any.
            Added NAT forward and firewall rules.
            Screen Shot 2020-04-28 at 9.03.52 AM.png

            Screen Shot 2020-04-28 at 8.57.40 AM.png

            Screen Shot 2020-04-28 at 8.55.04 AM.png

            • S
              SteveITS Galactic Empire @manuelgop
              last edited by SteveITS

              @manuelgop The pfBlocker rules are reordered when a pfBlocker update runs, according to the "Firewall 'Auto' Rule Order" setting on the IP tab. [edit: the IP tab in pfBlockerNG]

              States value of 0/0B generally means the rule is not seeing any traffic. Are you connecting using port 80 or HTTPS?

              • M
                manuelgop @SteveITS
                last edited by

                @teamits
                I am trying using port 80.

                • M
                  manuelgop @SteveITS
                  last edited by

                  @teamits
                  If I go to the firewall log I can see my "whitelisted" IP blocked by the pfB_NAmerica_v4 rule using port 80.

                  • S
                    SteveITS Galactic Empire @manuelgop
                    last edited by

                    @manuelgop Did you apply the changes after reordering the rules? They apply in order, though as I said pfBlocker might reorder them.

                    1 Reply Last reply Reply Quote 0
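
Added example, not part of any post in this thread and not pfSense or pfBlockerNG code: a simplified first-match model of interface rules showing why a source in pfB_AllowList is still blocked when the pfB_NAmerica_v4 block rule sits above the pass rule, plus a check that flags pass rules hidden that way. The addresses, the rule name `allow_vps_http` and the tuple layout are assumptions; NAT and state tracking are not modelled.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not values from the thread).
ALIASES = {
    "pfB_AllowList": ["203.0.113.10/32"],   # assumed address of one whitelisted VPS
    "pfB_NAmerica_v4": ["203.0.113.0/24"],  # stand-in for the GeoIP list covering it
}

def nets(alias):
    return [ipaddress.ip_network(n) for n in ALIASES[alias]]

def evaluate(rules, src_ip, dst_port):
    """Return (action, rule name) of the first rule matching source and port."""
    addr = ipaddress.ip_address(src_ip)
    for name, action, alias, port in rules:
        if port in (None, dst_port) and any(addr in n for n in nets(alias)):
            return action, name
    return "block", "default deny"

def shadowed_pass_rules(rules):
    """Pass rules whose whole source alias is covered by an earlier block rule."""
    hidden = []
    for i, (name, action, alias, port) in enumerate(rules):
        if action != "pass":
            continue
        for _, b_action, b_alias, b_port in rules[:i]:
            covers_port = b_port is None or b_port == port
            if b_action == "block" and covers_port and all(
                any(n.subnet_of(b) for b in nets(b_alias)) for n in nets(alias)
            ):
                hidden.append(name)
                break
    return hidden

# Rule tuples: (name, action, source alias, destination port or None for any).
# "allow_vps_http" is a hypothetical name for the custom pass rule.
BLOCK_FIRST = [
    ("pfB_NAmerica_v4", "block", "pfB_NAmerica_v4", None),
    ("allow_vps_http", "pass", "pfB_AllowList", 80),
]
ALLOW_FIRST = list(reversed(BLOCK_FIRST))

if __name__ == "__main__":
    for label, rules in (("block first", BLOCK_FIRST), ("allow first", ALLOW_FIRST)):
        print(label, evaluate(rules, "203.0.113.10", 80), shadowed_pass_rules(rules))
```

With the pass rule first, only the allow-listed address gets through on port 80; every other address in the blocked range still hits the block rule.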