Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Ports are open but cant reach website

    Scheduled Pinned Locked Moved NAT
    3 Posts 2 Posters 403 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dzacharias
      last edited by

      Good morning all,
      I used this blog post to configure inter-VLAN routing on my test network.
      https://greigmitchell.co.uk/2019/08/configuring-intervlan-routing-with-a-layer-3-switch-and-pfsense/

      I have configured port forwarding for a web service on port 9443 and the port shows open. I can also reach the service internally. However, the service is still unavailable to any client trying to reach the service from the WAN side. Any thoughts on what might be the issue.

      aad8a017-ea23-4242-8912-cf0c53d9e528-image.png

      Thank you in advance!
      DZ

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @dzacharias
        last edited by

        @dzacharias said in Ports are open but cant reach website:

        I have configured port forwarding

        You've added you NAT rule.
        And your asking yourself : is the inbound traffic suing (hitting) this NAT rule ?
        As you might have seen, a NAT rule is broken up in two parts : they are listed here Firewall > NAT > Port Forward
        and they have a firewall rule on the WAN interface - after all, traffic must be allowed to come in.

        First indication :

        Are these ruels actually used ?

        Answer :

        213c275b-3429-4106-b497-8fed94a3784b-image.png

        Easy :

        Next test : edit your NAT related firewall rule, and make it log !!
        55b6814f-60ec-4e0c-bab8-873200afa873-image.png

        Now, do the test from the outside.
        Take note of the IP you're using.
        Do the test.
        Go check the firewall logs.

        You'll see logs lines with your IP, your pfSense WAN IP, your source port and the pfSense destination port ( 9443).

        Btw : before starting to use NAT rules you should read and understand this :
        Troubleshooting NAT.

        Also, do you have a router in front of pfSense ? If so, you have to add a NAT rule in this device also.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • D
          dzacharias
          last edited by

          Ok,
          well, that might be an issue. I have a catalyst 3560G with the corresponding VLANs on it. I did some googling and it seems that the 3560G switch does not support NAT. Could this be my problem? How can cisco make an L3 switch that does not support NAT? Is there a workaround for this problem?
          Thank you in advance.
          DZ

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.