Port forwarding set, port still closed

Octopuss

I have a small home server that also acts as a torrent seedbox, but I also run torrent client on my PC.
I have created port forwarding rules for both machines, but only the port related to the server reports as opened. I don't get it. And yes, I tested this with torrent client running on my PC.
This is the rule.

Can anyone figure out what's wrong?
The rule should be correct, because if I disable it for the server, port 9000 shows as closed.

edit: just for the record, no rules related to my PC seem to work at all. I think they did in past when I created them. And yes, I do use correct IP address of my PC in the rules (static IP from DHCP).

Gertjan

@Octopuss

This rule (example)

is the address translation part.

The second part of the rule is visible on that WAN interface : for example :

The "0/2.34 Gb" in my example means : right now, no states open, and 2,34 GBytes of traffic was passed.

If you see a 0/0 then you k,ow that traffic never reached the WAN port of pfSense.

Octopuss

@Gertjan Ok, so it works (I rebooted pfSense and started a torrent and the states column started to show numbers), but the port still reports as closed. I presume qbittorrent somehow manages to connect anyway.
The puzzling part is the server has the port opened and it reacts to the port forward rule while the local instance doesn't.

Gertjan

@Octopuss said in Port forwarding set, port still closed:

while the local instance doesn't.

The local instance is on the 192.168.1.x network (LAN).
The seeder is on the 192.168.2.x network.

So, the local instance should use 192.168.168.2.6 as the "host name" (the server ?)
and
you should have a firewall rule on the 192.168.1.x network that permits traffic going to the 192.168.2.x interface.

Octopuss

@Gertjan No, you don't get it. Those are two completely separate torrent clients that run in the home network. They are completely unrelated, content-wise. The problem I'm talking about is the seedboxes port is showing as open (from one of those port checker websites) while the client I run on my own PC does not.

Gertjan

@Octopuss

The WAN firewall (NAT) rules ?
Did traffic come into the WAN ?
Is traffic accepted by the firewall of the PC ?

Octopuss

@Gertjan I don't understand the question.
Try different wording please. I know nothing about networking except for a few terms.

Bob.Dig

@Octopuss Try to enable NAT Reflection mode for port forwards in pfSense.

Octopuss

@Bob-Dig I vaguely remember this mentioned elsewhere. BUT I am absolutely certain I never changed this and I know for a fact both ports were open. The only thing I have changed in the past year is updating from pfSense 2.6.x to 2.7

edit: flipped it to enabled, rebooted just to be safe, and the port for my machine is still closed.

Gertjan

@Gertjan said in Port forwarding set, port still closed:

The WAN firewall (NAT) rules ?

You've shown the two NAT rules.
With every NAT rule, there is also a corresponding firewall rule, typically on the WAN interface.
Show that firewall rule... !?

Octopuss

Also, it's not that anything isn't working, quite the opposite:

But from what I remember, if port a torrent client is running on is not opened to the outside, no direct connections can be made, and the amount of seeders or leechers is limited. Bittorrent has some tech that makes it running regardless, but... you know.
Plus I know it used to work and I didn't change anything, so WTF is going on? And on top of that, it only doesn't "work" for my own PC, not the server. I'm just puzzled.

Octopuss

@Gertjan I can't post here anymore because something is flagging it as spam.
edit: ok, finally

Gertjan

@Octopuss

Ok : good :

Both are receiving traffic :

A boat load of states, like the good old torrent uses to have.

Octopuss

@Gertjan Yup, but why the heck this...

Bob.Dig

@Octopuss Many (or any) port checkers can only do TCP. But in your log you should see the connection from that site.

Octopuss

@Bob-Dig Fair enough, but why is the server's port open when it uses exactly the same bittorrent client with the same configuration? (TCP+UDP).

Octopuss

@Octopuss Ha, problem identified: ESET Smart Security's firewall. I have no idea what it does, but it blocks this. I forgot the software had actual firewall in it. Now I have to dig into the settings, bleh.