pfsense port forwarding/ WAN Default deny rule IPv4 (1000000103)

johnpoz

@learn said in pfsense port forwarding/ WAN Default deny rule IPv4 (1000000103):

for any inconvenience but nothing seems to be working

Well not sure what you expect to work if you never actually hit your pfsense on the port your trying to forward..

Pfsense can not forward what it doesn't see. As you port forward of port 6060 firewall shown any hits, or does it still show 0/0 B for the states?

If you forwarded 6060 on your isp router, and you are not seeing that hit your pfsense wan then maybe your isp port forward is wrong. But clear you see 3389 hit your pfsense..

I can not tell what destination IP is in your deny log to 3389.. if it was rfc1918 ie 192.168 something why did you both hiding it? How is it that 3389 is getting to pfsense wan, but not 6060..

learn

@johnpoz said in pfsense port forwarding/ WAN Default deny rule IPv4 (1000000103):

If you forwarded 6060 on your isp router

i didn't do this

@johnpoz said in pfsense port forwarding/ WAN Default deny rule IPv4 (1000000103):

what destination IP is in your deny log to 3389

my wan address
source is the wan address of another pfsense's wan

Gertjan

@learn said in pfsense port forwarding/ WAN Default deny rule IPv4 (1000000103):

is this .
i will try to do this and see if it'll works

If you have an upstream router, it's not a question of 'trying'. It has to be done.
Otherwise, as johnpoz keeps telling you : traffic can not reach (the WAN interface of) pfSense ....

johnpoz

@learn said in pfsense port forwarding/ WAN Default deny rule IPv4 (1000000103):

i didn't do this

Well if your pfsense wan is behind a nat, and you didn't forward the port on your upstream router - how would it ever work.. Did you put pfsense wan IP into your upstream router into a dmz host setting or something.

edit: Maybe I confused posts.. Is your pfsense wan IP a public IP or rfc1918?

Gertjan

@johnpoz said in pfsense port forwarding/ WAN Default deny rule IPv4 (1000000103):

Is your pfsense wan IP a public IP or rfc1918?

We were not allowed to know this :

johnpoz

@gertjan exactly ;)

learn

@johnpoz it is a public address that's why i highkited it sorry

johnpoz

@learn so have you managed to actually get traffic to hit your 6060 forward?

Or does your rule still show the 0/0 in the states column on your wan rule?

Nothing is ever going to work until you actually get traffic to pfsense for it to forward. Once it hits pfsense and you send it to the device behind pfsense IP on port 3389... You also need to make sure this device firewall allows traffic from a remote IP.. Out of the box windows firewall is sure not going to allow some remote IP to hit it on rdp.

edit: Here I just sent port 6060 to my pc 3389..

Notice that my test from outside shows success, and if I look on the state table in pfsense information has been exchanged.. My firewall on my pc on 192.168.9.100 allows this, and its using pfsense as its gateway.

learn

@gertjan said in pfsense port forwarding/ WAN Default deny rule IPv4 (1000000103):

upstream route

i doubled checked and no i don't

johnpoz

@learn well if your not seeing traffic hit your pfsense wan IP on 6060, and your trying for forward traffic that hits your pfsense wan on 6060 to 3389.. How would it ever work.. Pfsense can not forward traffic it never sees..

Your sure the remote client is actually trying to connect on port 6060?? Your sure the remote site allows 6060 outbound?

Simple test.. Got to can you see me . org, set the port to 6060.. Do you see your rule states change from 0/0 ? Do a sniff on your wan while you do this test.. Do you see the traffic hit pfsense wan?

edit: here I turned off the port forward I had setup.. But a simple 10 second test can validate that traffic is hitting pfsense wan on port 6060

learn

@johnpoz how show me im lost and brain fogged

@johnpoz said in pfsense port forwarding/ WAN Default deny rule IPv4 (1000000103):

Got to can you see me . org, set the port to 6060.

shows me failed connection timeout

@johnpoz said in pfsense port forwarding/ WAN Default deny rule IPv4 (1000000103):

Pfsense can not forward traffic it never sees

it sees my packet coming but deny it with default rule i don't where i missed up

your picture of canyouseeme is my state rightnow whither the it is enabled or disabled
the only port that gives me green(port-test) is my lan address which im trying to to remote access with 3389 port if this helps!

johnpoz

@learn said in pfsense port forwarding/ WAN Default deny rule IPv4 (1000000103):

remote access with 3389 port if this helps!

No that doesn't help..

So setup a sniff on your pfsense wan for port 6060.. Packet capture under diag menu on pfsense. Now do the canyouseeme test.. Do you see the traffic in your sniff? If not then nothing you do on pfsense is going to get it to work.

Again pfsense can not forward traffic it never sees..