Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't get port forward to work correctly.

    Scheduled Pinned Locked Moved
    NAT
    4
    31
    2.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      undertaker666 @undertaker666
      last edited by undertaker666

      @undertaker666

      tcpdump -nettti pppoe0 port 59372 -vv
tcpdump: listening on pppoe0, link-type NULL (BSD loopback), capture size 262144 bytes
 00:00:00.000000 AF IPv4 (2), length 56: (tos 0x2,ECT(0), ttl 63, id 28582, offset 0, flags [none], proto TCP (6), length 52)
    My-WAN.31533 > 172.16.1.0.59372: Flags [SEW], cksum 0xbecc (correct), seq 2428356104, win 62720, options [mss 8960,nop,wscale 8,nop,nop,sackOK], length 0
 00:00:00.013465 AF IPv4 (2), length 48: (tos 0x2,ECT(0), ttl 254, id 6409, offset 0, flags [DF], proto TCP (6), length 44)
    172.16.1.0.59372 > My-WAN.31533: Flags [S.], cksum 0x9772 (correct), seq 4044710442, ack 2428356105, win 4200, options [mss 1400], length 0
 00:00:00.000241 AF IPv4 (2), length 44: (tos 0x0, ttl 63, id 28583, offset 0, flags [none], proto TCP (6), length 40)
    My-WAN.31533 > 172.16.1.0.59372: Flags [.], cksum 0xc3ca (correct), seq 1, ack 1, win 64400, length 0
 00:00:00.003992 AF IPv4 (2), length 205: (tos 0x0, ttl 63, id 28584, offset 0, flags [none], proto TCP (6), length 201)
    My-WAN.31533 > 172.16.1.0.59372: Flags [P.], cksum 0xc832 (correct), seq 1:162, ack 1, win 64400, length 161
 00:00:00.302961 AF IPv4 (2), length 205: (tos 0x0, ttl 63, id 28585, offset 0, flags [none], proto TCP (6), length 201)
    My-WAN.31533 > 172.16.1.0.59372: Flags [P.], cksum 0xc832 (correct), seq 1:162, ack 1, win 64400, length 161
 00:00:00.394904 AF IPv4 (2), length 205: (tos 0x0, ttl 63, id 28586, offset 0, flags [none], proto TCP (6), length 201)
    My-WAN.31533 > 172.16.1.0.59372: Flags [P.], cksum 0xc832 (correct), seq 1:162, ack 1, win 64400, length 161
 00:00:00.699004 AF IPv4 (2), length 205: (tos 0x0, ttl 63, id 28587, offset 0, flags [none], proto TCP (6), length 201)
    My-WAN.31533 > 172.16.1.0.59372: Flags [P.], cksum 0xc832 (correct), seq 1:162, ack 1, win 64400, length 161
 00:00:00.589524 AF IPv4 (2), length 56: (tos 0x2,ECT(0), ttl 63, id 36468, offset 0, flags [none], proto TCP (6), length 52)
    My-WAN.60033 > 172.16.2.0.59372: Flags [SEW], cksum 0x442d (correct), seq 3544223184, win 62720, options [mss 8960,nop,wscale 8,nop,nop,sackOK], length 0
 00:00:00.013934 AF IPv4 (2), length 48: (tos 0x2,ECT(0), ttl 254, id 9436, offset 0, flags [DF], proto TCP (6), length 44)
    172.16.2.0.59372 > My-WAN.60033: Flags [S.], cksum 0x3e54 (correct), seq 3004006065, ack 3544223185, win 4200, options [mss 1400], length 0
 00:00:00.000178 AF IPv4 (2), length 44: (tos 0x0, ttl 63, id 36469, offset 0, flags [none], proto TCP (6), length 40)
    My-WAN.60033 > 172.16.2.0.59372: Flags [.], cksum 0x6aac (correct), seq 1, ack 1, win 64400, length 0
 00:00:00.005371 AF IPv4 (2), length 497: (tos 0x0, ttl 63, id 36470, offset 0, flags [none], proto TCP (6), length 493)
    My-WAN.60033 > 172.16.2.0.59372: Flags [P.], cksum 0x62af (correct), seq 1:454, ack 1, win 64400, length 453
 00:00:00.385924 AF IPv4 (2), length 497: (tos 0x0, ttl 63, id 36471, offset 0, flags [none], proto TCP (6), length 493)
    My-WAN.60033 > 172.16.2.0.59372: Flags [P.], cksum 0x62af (correct), seq 1:454, ack 1, win 64400, length 453
 00:00:00.304076 AF IPv4 (2), length 205: (tos 0x0, ttl 63, id 28593, offset 0, flags [none], proto TCP (6), length 201)
    My-WAN.31533 > 172.16.1.0.59372: Flags [P.], cksum 0xc832 (correct), seq 1:162, ack 1, win 64400, length 161
 00:00:00.095936 AF IPv4 (2), length 497: (tos 0x0, ttl 63, id 36472, offset 0, flags [none], proto TCP (6), length 493)
    My-WAN.60033 > 172.16.2.0.59372: Flags [P.], cksum 0x62af (correct), seq 1:454, ack 1, win 64400, length 453
 00:00:00.218016 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 10875, offset 0, flags [DF], proto TCP (6), length 40)
    172.16.1.0.59372 > My-WAN.31533: Flags [R.], cksum 0xbf57 (correct), seq 1, ack 1, win 0, length 0
 00:00:00.476972 AF IPv4 (2), length 497: (tos 0x0, ttl 63, id 36477, offset 0, flags [none], proto TCP (6), length 493)
    My-WAN.60033 > 172.16.2.0.59372: Flags [P.], cksum 0x62af (correct), seq 1:454, ack 1, win 64400, length 453
 00:00:01.204971 AF IPv4 (2), length 497: (tos 0x0, ttl 63, id 36480, offset 0, flags [none], proto TCP (6), length 493)
    My-WAN.60033 > 172.16.2.0.59372: Flags [P.], cksum 0x62af (correct), seq 1:454, ack 1, win 64400, length 453
 00:00:00.323059 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 13669, offset 0, flags [DF], proto TCP (6), length 40)
    172.16.2.0.59372 > My-WAN.60033: Flags [R.], cksum 0x6639 (correct), seq 1, ack 1, win 0, length 0

      Here's a small output of that command.

      The weird thing is, when I do canyouseeme, it shows me another public IP than what is shown in the WAN interface on my pfSense box.
      Both are public IPs, and I tested both, and now they say closed.

      L U 2 Replies Last reply Reply Quote 0
      • L
        lolipoplo @undertaker666
        last edited by

        @undertaker666

        if you aren't willing to do tcpdump on pflog0 you can't see how your packets get blocked

        U 1 Reply Last reply Reply Quote 0
        • U
          undertaker666 @lolipoplo
          last edited by

          @lolipoplo Look up

          L 1 Reply Last reply Reply Quote 0
          • L
            lolipoplo @undertaker666
            last edited by

            @undertaker666 where?

            1 Reply Last reply Reply Quote 0
            • U
              undertaker666 @undertaker666
              last edited by

              @undertaker666 said in Can't get port forward to work correctly.:

              @undertaker666

              tcpdump -nettti pppoe0 port 59372 -vv
tcpdump: listening on pppoe0, link-type NULL (BSD loopback), capture size 262144 bytes
 00:00:00.000000 AF IPv4 (2), length 56: (tos 0x2,ECT(0), ttl 63, id 28582, offset 0, flags [none], proto TCP (6), length 52)
    My-WAN.31533 > 172.16.1.0.59372: Flags [SEW], cksum 0xbecc (correct), seq 2428356104, win 62720, options [mss 8960,nop,wscale 8,nop,nop,sackOK], length 0
 00:00:00.013465 AF IPv4 (2), length 48: (tos 0x2,ECT(0), ttl 254, id 6409, offset 0, flags [DF], proto TCP (6), length 44)
    172.16.1.0.59372 > My-WAN.31533: Flags [S.], cksum 0x9772 (correct), seq 4044710442, ack 2428356105, win 4200, options [mss 1400], length 0
 00:00:00.000241 AF IPv4 (2), length 44: (tos 0x0, ttl 63, id 28583, offset 0, flags [none], proto TCP (6), length 40)
    My-WAN.31533 > 172.16.1.0.59372: Flags [.], cksum 0xc3ca (correct), seq 1, ack 1, win 64400, length 0
 00:00:00.003992 AF IPv4 (2), length 205: (tos 0x0, ttl 63, id 28584, offset 0, flags [none], proto TCP (6), length 201)
    My-WAN.31533 > 172.16.1.0.59372: Flags [P.], cksum 0xc832 (correct), seq 1:162, ack 1, win 64400, length 161
 00:00:00.302961 AF IPv4 (2), length 205: (tos 0x0, ttl 63, id 28585, offset 0, flags [none], proto TCP (6), length 201)
    My-WAN.31533 > 172.16.1.0.59372: Flags [P.], cksum 0xc832 (correct), seq 1:162, ack 1, win 64400, length 161
 00:00:00.394904 AF IPv4 (2), length 205: (tos 0x0, ttl 63, id 28586, offset 0, flags [none], proto TCP (6), length 201)
    My-WAN.31533 > 172.16.1.0.59372: Flags [P.], cksum 0xc832 (correct), seq 1:162, ack 1, win 64400, length 161
 00:00:00.699004 AF IPv4 (2), length 205: (tos 0x0, ttl 63, id 28587, offset 0, flags [none], proto TCP (6), length 201)
    My-WAN.31533 > 172.16.1.0.59372: Flags [P.], cksum 0xc832 (correct), seq 1:162, ack 1, win 64400, length 161
 00:00:00.589524 AF IPv4 (2), length 56: (tos 0x2,ECT(0), ttl 63, id 36468, offset 0, flags [none], proto TCP (6), length 52)
    My-WAN.60033 > 172.16.2.0.59372: Flags [SEW], cksum 0x442d (correct), seq 3544223184, win 62720, options [mss 8960,nop,wscale 8,nop,nop,sackOK], length 0
 00:00:00.013934 AF IPv4 (2), length 48: (tos 0x2,ECT(0), ttl 254, id 9436, offset 0, flags [DF], proto TCP (6), length 44)
    172.16.2.0.59372 > My-WAN.60033: Flags [S.], cksum 0x3e54 (correct), seq 3004006065, ack 3544223185, win 4200, options [mss 1400], length 0
 00:00:00.000178 AF IPv4 (2), length 44: (tos 0x0, ttl 63, id 36469, offset 0, flags [none], proto TCP (6), length 40)
    My-WAN.60033 > 172.16.2.0.59372: Flags [.], cksum 0x6aac (correct), seq 1, ack 1, win 64400, length 0
 00:00:00.005371 AF IPv4 (2), length 497: (tos 0x0, ttl 63, id 36470, offset 0, flags [none], proto TCP (6), length 493)
    My-WAN.60033 > 172.16.2.0.59372: Flags [P.], cksum 0x62af (correct), seq 1:454, ack 1, win 64400, length 453
 00:00:00.385924 AF IPv4 (2), length 497: (tos 0x0, ttl 63, id 36471, offset 0, flags [none], proto TCP (6), length 493)
    My-WAN.60033 > 172.16.2.0.59372: Flags [P.], cksum 0x62af (correct), seq 1:454, ack 1, win 64400, length 453
 00:00:00.304076 AF IPv4 (2), length 205: (tos 0x0, ttl 63, id 28593, offset 0, flags [none], proto TCP (6), length 201)
    My-WAN.31533 > 172.16.1.0.59372: Flags [P.], cksum 0xc832 (correct), seq 1:162, ack 1, win 64400, length 161
 00:00:00.095936 AF IPv4 (2), length 497: (tos 0x0, ttl 63, id 36472, offset 0, flags [none], proto TCP (6), length 493)
    My-WAN.60033 > 172.16.2.0.59372: Flags [P.], cksum 0x62af (correct), seq 1:454, ack 1, win 64400, length 453
 00:00:00.218016 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 10875, offset 0, flags [DF], proto TCP (6), length 40)
    172.16.1.0.59372 > My-WAN.31533: Flags [R.], cksum 0xbf57 (correct), seq 1, ack 1, win 0, length 0
 00:00:00.476972 AF IPv4 (2), length 497: (tos 0x0, ttl 63, id 36477, offset 0, flags [none], proto TCP (6), length 493)
    My-WAN.60033 > 172.16.2.0.59372: Flags [P.], cksum 0x62af (correct), seq 1:454, ack 1, win 64400, length 453
 00:00:01.204971 AF IPv4 (2), length 497: (tos 0x0, ttl 63, id 36480, offset 0, flags [none], proto TCP (6), length 493)
    My-WAN.60033 > 172.16.2.0.59372: Flags [P.], cksum 0x62af (correct), seq 1:454, ack 1, win 64400, length 453
 00:00:00.323059 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 13669, offset 0, flags [DF], proto TCP (6), length 40)
    172.16.2.0.59372 > My-WAN.60033: Flags [R.], cksum 0x6639 (correct), seq 1, ack 1, win 0, length 0

              Here's a small output of that command.

              The weird thing is, when I do canyouseeme, it shows me another public IP than what is shown in the WAN interface on my pfSense box.
              Both are public IPs, and I tested both, and now they say closed.

              here

              L 1 Reply Last reply Reply Quote 0
              • L
                lolipoplo @undertaker666
                last edited by

                @undertaker666 I only see pppoe0, where's pflog0?

                U 1 Reply Last reply Reply Quote 0
                • U
                  undertaker666 @lolipoplo
                  last edited by undertaker666

                  @lolipoplo pflog0 was empty, no matches.

                  L 1 Reply Last reply Reply Quote 0
                  • L
                    lolipoplo @undertaker666
                    last edited by

                    @undertaker666

                    pfsense has logging on for all of the default block/reject rules

                    If pflogs is empty, this probably means your port forwarding is working provided you do not have silent block/reject rules.

                    one more sanity check, go to your associated pass rules for nat and enable logging, then listen to pflog0 again to make sure they are matched

                    U 2 Replies Last reply Reply Quote 0
                    • U
                      undertaker666 @lolipoplo
                      last edited by

                      @lolipoplo Still empty, and I could see almost nothing hits the rule in the auth screen as well.

                      Even though I ran a check from an online service to see if it's open or not, it did not register, and the test came back as closed.

                      Something is very weird here. I already did such a check before that returned open, so I'm not sure what happened.

                      1 Reply Last reply Reply Quote 0
                      • U
                        undertaker666 @lolipoplo
                        last edited by

                        @lolipoplo

                         00:00:39.893213 rule 51/0(match) [ridentifier 1000000119]: block in on em1: (tos 0x0, ttl 64, id 39453, offset 0, flags [none], proto UDP (17), length 132)
    192.168.55.100.59372 > 123.139.94.40.16379: [udp sum ok] UDP, length 104
 00:11:15.697052 rule 51/0(match) [ridentifier 1000000119]: block in on em1: (tos 0x0, ttl 64, id 41593, offset 0, flags [none], proto UDP (17), length 132)
    192.168.55.100.59372 > 123.139.94.40.16379: [udp sum ok] UDP, length 104
 01:27:00.579015 rule 51/0(match) [ridentifier 1000000119]: block in on em1: (tos 0x0, ttl 64, id 24615, offset 0, flags [none], proto UDP (17), length 132)
    192.168.55.100.59372 > 45.190.158.201.62214: [udp sum ok] UDP, length 104
 00:00:00.296683 rule 51/0(match) [ridentifier 1000000119]: block in on em1: (tos 0x0, ttl 64, id 24616, offset 0, flags [none], proto UDP (17), length 132)
    192.168.55.100.59372 > 45.190.158.201.62224: [udp sum ok] UDP, length 104
 00:14:59.783329 rule 51/0(match) [ridentifier 1000000119]: block in on em1: (tos 0x0, ttl 64, id 63138, offset 0, flags [none], proto UDP (17), length 132)
    192.168.55.100.59372 > 45.190.158.201.62214: [udp sum ok] UDP, length 104
 00:04:14.623627 rule 51/0(match) [ridentifier 1000000119]: block in on em1: (tos 0x0, ttl 64, id 63139, offset 0, flags [none], proto UDP (17), length 132)
    192.168.55.100.59372 > 45.190.158.201.52601: [udp sum ok] UDP, length 104
 00:10:46.028208 rule 51/0(match) [ridentifier 1000000119]: block in on em1: (tos 0x0, ttl 64, id 21564, offset 0, flags [none], proto UDP (17), length 132)
    192.168.55.100.59372 > 45.190.158.201.1: [udp sum ok] UDP, length 104
 00:00:00.290588 rule 51/0(match) [ridentifier 1000000119]: block in on em1: (tos 0x0, ttl 64, id 21565, offset 0, flags [none], proto UDP (17), length 132)
    192.168.55.100.59372 > 45.190.158.201.62224: [udp sum ok] UDP, length 104
 00:00:01.600105 rule 51/0(match) [ridentifier 1000000119]: block in on em1: (tos 0x0, ttl 64, id 21566, offset 0, flags [none], proto UDP (17), length 132)
    192.168.55.100.59372 > 45.190.158.201.62224: [udp sum ok] UDP, length 104
 00:14:58.004355 rule 51/0(match) [ridentifier 1000000119]: block in on em1: (tos 0x0, ttl 64, id 6150, offset 0, flags [none], proto UDP (17), length 132)
    192.168.55.100.59372 > 45.190.158.201.52601: [udp sum ok] UDP, length 104
 00:00:00.162623 rule 51/0(match) [ridentifier 1000000119]: block in on em1: (tos 0x0, ttl 64, id 6151, offset 0, flags [none], proto UDP (17), length 132)
    192.168.55.100.59372 > 45.190.158.201.1: [udp sum ok] UDP, length 104
 00:00:00.154916 rule 51/0(match) [ridentifier 1000000119]: block in on em1: (tos 0x0, ttl 64, id 6152, offset 0, flags [none], proto UDP (17), length 132)
    192.168.55.100.59372 > 45.190.158.201.62386: [udp sum ok] UDP, length 104
 00:00:01.225057 rule 51/0(match) [ridentifier 1000000119]: block in on em1: (tos 0x0, ttl 64, id 6153, offset 0, flags [none], proto UDP (17), length 132)
    192.168.55.100.59372 > 45.190.158.201.62320: [udp sum ok] UDP, length 104
 00:14:58.611751 rule 51/0(match) [ridentifier 1000000119]: block in on em1: (tos 0x0, ttl 64, id 47222, offset 0, flags [none], proto UDP (17), length 132)
    192.168.55.100.59372 > 45.190.158.201.62320: [udp sum ok] UDP, length 104
 00:00:01.804954 rule 51/0(match) [ridentifier 1000000119]: block in on em1: (tos 0x0, ttl 64, id 47223, offset 0, flags [none], proto UDP (17), length 132)
    192.168.55.100.59372 > 45.190.158.201.62386: [udp sum ok] UDP, length 104
 00:33:32.433578 rule 4/0(match) [ridentifier 1000000103]: block in on pppoe0: (tos 0x28, ttl 110, id 63739, offset 0, flags [none], proto TCP (6), length 52)
    154.16.174.207.59372 > My-WAN-IP.54296: Flags [S], cksum 0x05da (correct), seq 3626588183, win 65142, options [mss 1287,nop,wscale 8,nop,nop,sackOK], length 0
 00:00:01.010321 rule 4/0(match) [ridentifier 1000000103]: block in on pppoe0: (tos 0x28, ttl 110, id 63740, offset 0, flags [none], proto TCP (6), length 52)
    154.16.174.207.59372 > My-WAN-IP.54296: Flags [S], cksum 0x05da (correct), seq 3626588183, win 65142, options [mss 1287,nop,wscale 8,nop,nop,sackOK], length 0
 00:00:02.000693 rule 4/0(match) [ridentifier 1000000103]: block in on pppoe0: (tos 0x28, ttl 110, id 63741, offset 0, flags [none], proto TCP (6), length 52)
    154.16.174.207.59372 > My-WAN-IP.54296: Flags [S], cksum 0x05da (correct), seq 3626588183, win 65142, options [mss 1287,nop,wscale 8,nop,nop,sackOK], length 0
 00:07:20.160301 rule 4/0(match) [ridentifier 1000000103]: block in on pppoe0: (tos 0x2a,ECT(0), ttl 113, id 17567, offset 0, flags [none], proto TCP (6), length 52)
    188.132.209.91.59372 > My-WAN-IP.38535: Flags [SEW], cksum 0x7a03 (correct), seq 4200447135, win 64240, options [mss 1400,nop,wscale 8,nop,nop,sackOK], length 0
 00:00:06.000334 rule 4/0(match) [ridentifier 1000000103]: block in on pppoe0: (tos 0x28, ttl 113, id 17573, offset 0, flags [none], proto TCP (6), length 52)
    188.132.209.91.59372 > My-WAN-IP.38535: Flags [S], cksum 0x7ac3 (correct), seq 4200447135, win 64240, options [mss 1400,nop,wscale 8,nop,nop,sackOK], length 0

                        This is after I left it for a whole night to run.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.