Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Newbie to pfSense, but not to networking

    Scheduled Pinned Locked Moved Firewalling
    7 Posts 4 Posters 737 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      xavier8854
      last edited by

      Hi,
      I'm new to pfSense but not a newbie to networking and firewalling (used ipfilter, pf, Stormsheild, Cisco PIX, etc...)
      This very simple couple of rules (NAT + open Firewall) doesn't not open the port from the ouside pov :

      26b6d979-4dff-48cc-8beb-c6a50dcda005-image.png
      6817fc44-7e39-43db-b382-ee7aaed92792-image.png

      Nmap sowhs me the port as filtered...
      I'm surely missing something very basic.
      Thanks,
      Cheers,
      Xavier

      J 1 Reply Last reply Reply Quote 0
      • J
        Jarhead @xavier8854
        last edited by

        @xavier8854 Destination Address should be WAN Address in the NAT.

        X 1 Reply Last reply Reply Quote 0
        • X
          xavier8854 @Jarhead
          last edited by

          @jarhead Thanks for the quick reply. Unfortunately, does'nt seem to be enough :
          578d8f51-5888-4440-bca8-7074dcb33f92-image.png
          But :

          Host is up (0.018s latency).
PORT    STATE    SERVICE
587/tcp filtered submission

          Thanks !
          Xavier

          S 1 Reply Last reply Reply Quote 0
          • S
            SteveITS Galactic Empire @xavier8854
            last edited by SteveITS

            @xavier8854 Is 587 open on your mail server? That trips people up sometimes...where connections are allowed from the local subnet but not every IP address.

            Edit: or, is your WAN behind another router?

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            X 1 Reply Last reply Reply Quote 0
            • X
              xavier8854 @SteveITS
              last edited by xavier8854

              @steveits Yes port 587 is opened, I just tested it with the "Test port" Diagnostic tool. And yes, WAN is behind a router, not a bridge, that's why I deactivated 'Block RFC 1918'
              Xavier

              GertjanG 1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan @xavier8854
                last edited by

                @xavier8854 said in Newbie to pfSense, but not to networking:

                And yes, WAN is behind a router, not a bridge,

                So you have also NATted the 587 TCP port on that router ?

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                X 1 Reply Last reply Reply Quote 0
                • X
                  xavier8854 @Gertjan
                  last edited by

                  ATM, I cannot conduct further tests, as my DSL line is down.
                  I carefully read all your suggestions, thank you all
                  Cheers,
                  Xavier

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.