Port forwarding problem (I did try following the troubleshooting guide)

Eddles · Apr 19, 2022, 9:54 PM

Hi all,

I have to use my ISP's router, and I have absolutely no control over it - I can't even see a status page. I have to email customer service if I want to make any changes to the router settings - even the Wi-Fi password! Anyway, they have set up a DMZ for 192.168.0.10. So, I've set up the pfsense WAN port to be 192.168.0.10, and the LAN port to be 192.168.1.1. The ISP is adamant that the DMZ is on and working. However, I seem to be having trouble with port forwarding. Specifically, I have Transmission on my server (IP 192.168.1.17), and it needs port 51413 forwarded. I have followed the troubleshooting guide and don't seem to be successful. Here are the port forward settings & firewall rules:

First, I checked the server port if it is enabled properly:

kit@Voyager ~ % sudo nmap -p 51413 192.168.1.17
Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-19 21:41 BST
Nmap scan report for 192.168.1.17
Host is up (0.0039s latency).

PORT      STATE SERVICE
51413/tcp open  unknown
MAC Address: xxxxx (Dell)

Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds
kit@Voyager ~ %

So far, so good. I am not 100% certain the DMZ is working properly, so someone suggested looking at the firewall logs to check this, while there are a lot of LAN entries - mainly IPv6 - but very few WAN entries, so I am not sure if the DMZ is the problem.

I used a port checker to check port 51413, and it says it's closed, but I get nothing in the logs. I also ran ShieldsUP! while there were some log entries, it is not clear that it is related to ShieldsUP!.

Here are a few lines selected from the firewall log, all relating to the WAN:

Apr 19 21:29:47 	WAN 	Default deny rule IPv4 (1000000103)  192.168.0.1		224.0.0.1		IGMP
Apr 19 21:29:17 	WAN 	Default deny rule IPv4 (1000000103) 	192.168.0.1:44976		239.255.255.250:1900		UDP 
Apr 19 21:28:25 	WAN 	Block snort2c hosts (1000000118) 	17.253.35.210:80		192.168.0.10:35391		TCP:PA

Does this mean the DMZ is working? Moving forward, looking at firewall states, there are a few lines relating to port 51413, for example:

LAN 	udp 	192.168.1.17:51413 -> 54.194.137.170:6881 	SINGLE:MULTIPLE 	1 / 1 	122 B / 95 B 	
WAN 	udp 	192.168.0.10:23220 (192.168.1.17:51413) -> 54.194.137.170:6881 	MULTIPLE:SINGLE 	1 / 1 	122 B / 95 B 	
LAN 	udp 	192.168.1.17:51413 -> 31.133.127.112:6881 	NO_TRAFFIC:SINGLE 	1 / 0 	122 B / 0 B 	
WAN 	udp 	192.168.0.10:53761 (192.168.1.17:51413) -> 31.133.127.112:6881 	SINGLE:NO_TRAFFIC 	1 / 0 	122 B / 0 B

Again, I'm guessing that it's all related to the server trying to talk out on port 51413 but not being successful, but I'm not 100% sure.

I tried doing a nmap scan on pfsense itself, but I have no idea if doing this is a valid method of diagnosis:

[2.6.0-RELEASE][admin@pfSense.xx.intranet]/root: nmap 192.168.0.10
Starting Nmap 7.91 ( https://nmap.org ) at 2022-04-19 21:11 UTC
Stats: 0:00:13 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 72.60% done; ETC: 21:11 (0:00:05 remaining)
Nmap scan report for 192.168.0.10
Host is up (0.000043s latency).
Not shown: 996 filtered ports
PORT    STATE SERVICE
22/tcp  open  ssh
53/tcp  open  domain
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 15.05 seconds
[2.6.0-RELEASE][admin@pfSense.xx.intranet]/root: nmap -p 51413 192.168.0.10
Starting Nmap 7.91 ( https://nmap.org ) at 2022-04-19 21:12 UTC
Nmap scan report for 192.168.0.10
Host is up.

PORT      STATE    SERVICE
51413/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 2.20 seconds
[2.6.0-RELEASE][admin@pfSense.xx.intranet]

Note:

I have unticked "Block private networks" in the WAN interface setup.
I have unticked "Block bogon networks" in the WAN interface setup.
Snort is installed & running. While, I've followed some tutorials on how to set up Snort, I'm inexperienced, so Snort might be blocking 51413 for all I know. That said, I tried turning off Snort and trying the port checker, but no difference.

I am certain I have made plenty of simple mistakes, that I can't figure out by reading the troubleshooting guide, so I would really appreciate your advice here! Thank you so much!

viragomann · Apr 20, 2022, 8:37 PM

@eddles said in Port forwarding problem (I did try following the troubleshooting guide):

I am not 100% certain the DMZ is working properly

Run Diagnostic > Packet Capture on WAN and initiate an access from outside to check out, if the DMZ is working.
From what I see til now, I don't think so.

Here are a few lines selected from the firewall log, all relating to the WAN:
Apr 19 21:28:25 WAN Block snort2c hosts (1000000118) 17.253.35.210:80 192.168.0.10:35391 TCP:PA
Does this mean the DMZ is working?

This let me assume, outbound from pfSense is basically working. But this is a response packet from a webserver, which is blocked here. That needs further investigation.

However, I'm wondering why you have snort enabled while troubleshooting. You should disable it as well as pfBlockerNG for testing.

Eddles · Apr 20, 2022, 8:37 PM

@viragomann said in Port forwarding problem (I did try following the troubleshooting guide):

Run Diagnostic > Packet Capture on WAN and initiate an access from outside to check out, if the DMZ is working.
From what I see til now, I don't think so.

Problem solved, my ISP enabled DMZ on the wrong router (that I have an account for). Cleared up the router details, DMZ now working and port forwarding works perfect. Thank you for your time!