Can’t forward gateway WAN Port 1360 to host on internal private network
-
Should be straightforward: Trying to forward Port 1360 from the WAN to internal host at 192.168.1.105. Requests are not reaching 192.168.1.105.
This is how I have to set up my NAT rule:
The associated filter rule is
To test the service on Port 1360 at the host 192.168.1.105 I issue this command
telnet 192.168.1.105 1360
from the same subnet. I get this response:
Trying 192.168.1.105...
Connected to 192.168.1.105.
Escape character is '^]'.
1d ??R??x?? ?n?|> s)??bj,?I???ɎConnection closed by foreign host.
Perfectly normal, right?
Then, when I am outside of my home network and try
telnet xxx.xxx.xxx.xxx 1360
where xxx.xxx.xxx.xxx is the FQDN of my internet gateway on the internet, I get this
Trying ###.###.###.###...
telnet: connect to address ###.###.###.###: Network is unreachable
telnet: Unable to connect to remote host
-
@dominikhoffmann well your rule shows hits, see the 0/11 on your rule.. So that would point to firewall on your 192.168.1.105, or that box not pointing back to pfsense as its gateway.
-
@johnpoz: Merry Christmas!
There is no firewall running on the local host:
The IP configuration is correct, also:
I did a packet capture on the WAN port, and it shows that the connection attempt arrives there and therefore is not blocked upstream, somehow. The mystery remains!
-
One thing I had not thought to do before but did just now was to reboot the gateway.
Lo and behold, it is working now!
-
@dominikhoffmann said in Can’t forward gateway WAN Port 1360 to host on internal private network:
was to reboot the gateway.
What gateway - you mean pfsense? There should have been no reason to reboot pfsense..
If you have traffic hitting your wan, sniff (packet capture) on pfsense on the lan side interface - do you see traffic being sent to where you said to send it?
Maybe there was a bad state and a reboot of pfsense would for sure clear that, but you could have also just killed off the bad state without having to reboot. Glad you got it sorted.
-
@dominikhoffmann If you’re talking about a Comcast modem/router, I’ve seen that before when it apparently blocks the connection.
-
@steveits: I have a direct hand-off from our co-op fiberoptic internet provider. No ISP blocks whatsoever.
It was the pfSense gateway I rebooted to get it working.
-
@dominikhoffmann my guess with that would have been a state was still there then. If you run into a scenario again - check your state table.. Really the only reason ever that you should have to reboot your pfsense is an update of its version.
-
@johnpoz Or fix a changed dynamic IPv6 prefix.
-
@johnpoz: Still learning!
I have been a lifelong Apple user. Rebooting systems has been ingrained in me, although I have learned more about the different services to know how to restart them individually, without having to reboot the computer.
On Windows, even with Windows 11, you still have to reboot your computer, if you change its WINS name.
🤮
-
@johnpoz said in Can’t forward gateway WAN Port 1360 to host on internal private network:
Maybe there was a bad state and a reboot of pfsense would for sure clear that, but you could have also just killed off the bad state without having to reboot. Glad you got it sorted.
It appears to have happened again.
So I looked at the state table. Very confusing. Two questions:
- What am I looking for?
- Once I find that, will it suggest a solution for this thing to not happen again?
-
@dominikhoffmann said in Can’t forward gateway WAN Port 1360 to host on internal private network:
What am I looking for?
An existing state pointing with the wrong IP on it or something.. Kill the bad state..
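One way to look for such a state, as an added example that is not part of the thread: the function below reads `pfctl -ss` style output and marks every inbound state created by the port forward on WAN port 1360 whose translated target is not 192.168.1.105. The interface names, the WAN address 203.0.113.10, the remote addresses and the wrong target 192.168.1.50 are constructed sample values, and only IPv4 states are handled.

```shell
#!/bin/sh
# Added example, not from the thread. On the firewall the input would come from:
#   pfctl -ss | classify_states 1360 192.168.1.105

# Constructed sample lines. igb0 (WAN), igb1 (LAN), 203.0.113.10 (WAN address)
# and the remote hosts are assumptions; 192.168.1.50 stands in for a wrong target.
SAMPLE='igb0 tcp 192.168.1.105:1360 (203.0.113.10:1360) <- 198.51.100.7:51514       ESTABLISHED:ESTABLISHED
igb0 tcp 192.168.1.50:1360 (203.0.113.10:1360) <- 198.51.100.8:51602       CLOSED:SYN_SENT
igb1 tcp 198.51.100.7:51514 -> 192.168.1.105:1360       ESTABLISHED:ESTABLISHED
igb0 tcp 203.0.113.10:443 <- 198.51.100.9:40000       ESTABLISHED:ESTABLISHED'

# classify_states PORT EXPECTED_IP
# An inbound state that went through a redirect is printed by pf as
#   IFACE PROTO internal:port (original-wan-dst:port) <- remote:port STATE
# Lines without the parenthesised original destination were not translated
# and are skipped, as are outbound ("->") states.
classify_states() {
    awk -v port="$1" -v want="$2" '
        $5 == "<-" && $4 ~ /^\(.+\)$/ {
            # Strip the parentheses and split the original WAN destination.
            n = split(substr($4, 2, length($4) - 2), wan, ":")
            if (n != 2 || wan[2] != port) next
            # Compare the translated target with the host the rule should use.
            split($3, tgt, ":")
            tag = (tgt[1] == want) ? "ok" : "STALE"
            print tag, $0
        }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | classify_states 1360 192.168.1.105
```

A line tagged STALE is the kind of state to kill, for example from Diagnostics > States in the pfSense GUI.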