Netgate Discussion Forum

    pfSense 2.7.2 port forward port 80 443 22 21 etc blocked

      cougarmaster

      Re: Port Forward 80 Webserver

      I had been running this for nearly a year, and now all the standard ports are blocked and I cannot forward to the web server. These include 80, 443, 22, 21 and others I haven't tried yet. Is there a problem now? Also, looking at the firewall logs, it's all blocked.

        SteveITS Galactic Empire @cougarmaster

        @cougarmaster so the packets are reaching pfSense and being blocked? By what rule?

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          cougarmaster @SteveITS

          @SteveITS I am not really sure. It gets blocked if you go into the firewall logs. The funny thing is that, other than the standard ports getting blocked, all other ports are working with no problems.

          0247b311-1e2d-439f-83b5-2aafb2bc7d49-image.png

            cougarmaster

            I did set a host override and the web server works well, but I am not able to access it from outside, even with port forward, with and without NAT.

              cougarmaster

              I checked with my ISP, and all the ports other than port 25 are not blocked. The firewall is definitely dropping the connection for the specified ports to this server.

                Gertjan @cougarmaster

                @cougarmaster

                This :

                af92dc34-ee18-4e13-a872-c5e5d45cfaac-image.png

                is the default final 'hidden' firewall rule that blocks everything.
                If your WAN firewall rule list is empty, this will be the WAN default behavior : block everything.
                If you have rules on your WAN interface, classic firewall rules to reach a service port on pfSense, like the OpenVPN server, these will be tested/used first.

                These are mine :

                1f8bac4f-368f-4afb-8c54-5d004bd77ea1-image.png

                The first one (and related second) are classic firewall rules, as I have an OpenVPN server running on pfSense. This server listens on the WAN interface, so I have to unblock it.

                The third rule : same thing using TCP port 4949 : a munin monitoring host. Note that this munin instance is only accessible from devices on the Internet that are listed in the SYS alias, and no one else.

                The fourth rule : same thing, but this is a firewall rule that belongs to a NAT rule : incoming traffic, again from the alias SYS only, gets redirected to the "diskstation2" alias (it's 192.168.1.33), an IPv4 LAN device, my syno NAS.

                Important : these counters :

                43f4bbd0-d15d-4f57-bb86-100b8f820671-image.png
                show me that traffic is hitting (matching) the rules, so I know that the rules are getting used.
                => I know that traffic that reached the pfSense WAN interface, was handled by these rules.
                If these rules stay at "0" then you might think traffic never even reaches pfSense ... ;)

                edit : As I have an upstream ISP router, my WAN has an RFC1918 IP, I had to place related "NAT" rules on the ISP router also.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                  cougarmaster @Gertjan

                  @Gertjan Thanks for the reply. I do have those in place; I have been using pfSense for so many years. This is the first time it failed. It happened when I needed to change servers because the old server kinda was dying on me and I needed to change, and it was working fine there. After the change everything started to happen. I tried using a completely fresh install and did only port 443; it still blocked me. All other ports work perfectly. The web server ports do not work.

                  OpenVPN works
                  HAProxy ports work
                  Dockers work
                  Only web servers are blocked

                  To be clear I checked with ISP and none of the ports other than port 25 is NOT blocked.

                    Gertjan @cougarmaster

                    @cougarmaster said in pfSense 2.7.2 port forward port 80 443 22 21 etc blocked:

                    I need to change servers

                    That's the LAN device, right ? with an - the same as the old - IP address like 192.168.1.10/24 etc
                    Is this server actually accepting connections from not only LAN, like 192.168.1.0/24, but the entire Internet ? Most often, 'Servers' also have firewalls.

                    @cougarmaster said in pfSense 2.7.2 port forward port 80 443 22 21 etc blocked:

                    The web server ports do not work.

                    Not sure if this can be related : move the pfSense GUI port 443 out of the way, by setting it to some other port number.

                      cougarmaster @Gertjan

                      @Gertjan I can access everything from LAN and even access the web sites from LAN with Host Overrides, so the server is completely fine, and yes, all UFW is disabled. Also, I never use default ports for the firewall and I access it on a different port.

                        cougarmaster

                        I think there is something wrong with 2.7.2. I was using 2.7.0 fine; maybe I need to reinstall 2.7.0 and redo everything from scratch, since I don't have a backup for that version. This is sad.

                          Gertjan @cougarmaster

                          @cougarmaster said in pfSense 2.7.2 port forward port 80 443 22 21 etc blocked:

                          I think there is something wrong with 2.7.2

                          If "2.7.2" could not handle something as basic as a NAT rule, you would see, from the moment it was released, thousands of complaints on this forum.
                          Don't believe me : fact check right away .... there are none.
                          So, apply the basic rule : "It's not everybody, it's just you" 😊

                          Btw : I'm using 24.03, basically the same code / OS etc and NAT just works fine. If it didn't, I couldn't use pfSense anymore.

                          @cougarmaster said in pfSense 2.7.2 port forward port 80 443 22 21 etc blocked:

                          I can access everything from LAN and even access the web sites from LAN

                          That's what I said above already.
                          From LAN it works.
                          But NAT rules imply that traffic is not coming from your LAN, but your WAN, to be more precise : any possible IP, not just your local RFC1918 LAN.
                          LAN traffic from a LAN device to your server doesn't even go through pfSense.

                          Show your WAN firewall and NAT rules.

                            cougarmaster @Gertjan

                            @Gertjan

                            d4a9915a-8eb7-4e27-9409-4fea746ec2d5-image.png
                            71d1d429-62c8-49aa-9954-40d47497c99d-image.png
                            4a0c8e94-3bf1-40b1-8ed4-6907928a1d25-image.png

                              cougarmaster @Gertjan

                              @Gertjan Don't get me wrong, I meant to say it's not working for me. I am just frustrated about why only the standard ports are getting blocked and what is triggering the blocks. Of course I will continue to use pfSense, as it has served me for, idk, 10 - 15 years?

                                cougarmaster

                                @Gertjan I think I got it solved; maybe it is the setting in the Advanced networking hardware settings for the NIC. I will test a bit more to be sure, but now I can access the web server no problem. Also, thanks for replying and helping.

                                  cougarmaster

                                  @Gertjan I think it's a checksum error that is preventing it. If I disable the hardware checksum offload it works perfectly, so I think that is the main cause. I did forget to mention I was on virtual, and I forgot to disable the checksum in there. Now everything is working as it should. I am sorry to cause so much confusion. Thank you again.

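Added example, not part of any post in this thread: the final post traces the failure to hardware checksum offload on a virtualized install. The Python sketch below shows how a receiver validates a TCP checksum and why a segment whose checksum field was left for the NIC to finish fails that check. The addresses, ports, function names and the offload model (field pre-filled with the pseudo-header sum only) are constructed assumptions.

```python
import ipaddress
import struct

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum, folded but not inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header covered by the TCP checksum (protocol 6)."""
    return (ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, 6, tcp_len))

def build_syn(src, dst, sport, dport, fill_checksum=True) -> bytes:
    """Constructed 20-byte TCP SYN header.

    fill_checksum=False models (as an assumption) a sender that relied on
    offload: the field holds only the pseudo-header partial sum and nothing
    downstream completed it.
    """
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0,
                      5 << 4, 0x02, 64240, 0, 0)
    ph = pseudo_header(src, dst, len(hdr))
    if fill_checksum:
        csum = ~ones_complement_sum(ph + hdr) & 0xFFFF
    else:
        csum = ones_complement_sum(ph)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]

def tcp_checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """Receiver-side check: sum over pseudo-header + segment must be 0xFFFF."""
    ph = pseudo_header(src, dst, len(segment))
    return ones_complement_sum(ph + segment) == 0xFFFF

if __name__ == "__main__":
    SRC, DST = "203.0.113.10", "192.168.1.10"  # constructed sample addresses
    for label, fill in (("software checksum", True), ("unfinished offload", False)):
        seg = build_syn(SRC, DST, 40000, 443, fill_checksum=fill)
        print(f"{label}: field=0x{seg[16:18].hex()} valid={tcp_checksum_ok(SRC, DST, seg)}")
```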
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.