NATting with Hybrid Outbound Sometimes Working
-
I'm looking for some assistance. I've had pfSense for years, and the configuration has been tweaked many times due to me finding things to optimize, not always sure if they are needed though. I'm not a networking expert by any means, just can Google from time to time.
My setup is Google Fiber -> pfSense -> network. No VLANs.
I have a bunch of Services installed on pfSense, but don't think they would cause an issue.
My issue is that I currently have TCP/443 open to a system in my network and https://canyouseeme.org/ says it is open. But if I try to open a different port to a different system I get errors on https://canyouseeme.org/ saying it isn't open.
I've been Googling and can't seem to figure it out. What additional information would be needed to help troubleshoot this issue?
-
@kaysersosa said in NATting with Hybrid Outbound Sometimes Working:
But if I try to open a different port to a different system I get errors on https://canyouseeme.org/ saying it isn't open.
And are you not able to reach that other system from the outside? In some cases I have found that the port testing site says a port is closed, even though I know it's open. Can be due to wrong protocol being used, or the server is down and nothing responds.
[EDIT] Reading your title, NATting with Hybrid Outbound... what do you mean? You are talking about accessing services inside your network from the internet. What is it you are trying to do with Hybrid Outbound? Auto will do it most of the time...
-
I use https://canyouseeme.org/ to just tell me if my port is open from outside my network. What I want to open is UDP, but I've been opening both TCP/UDP just to test.
I have a webserver using 443 and don't have any issues with it. I had opened that port a few years back.
Unless my understanding is wrong, I should be able to open a port forward in pfSense and it should be able to be seen from outside my network as open.
I tried on Linux and Windows systems and still says closed.
Regarding the Hybrid, I'm talking about Firewall/NAT/Outbound, the Outbound NAT Mode is set to Hybrid. I don't remember the reasoning behind it, but the mini PC I have pfSense on has 4 ports, 1 I have set for WAN and the other 3 are internal. I have 1 for my LAN which is all of my systems. At one point I had a Guest Network on one of them, but nothing is connected any more, so it is just mapping. I just changed it back to automatic.
-
@kaysersosa said in NATting with Hybrid Outbound Sometimes Working:
I use https://canyouseeme.org/ to just tell me if my port is open from outside my network. What I want to open is UDP, but I've been opening both TCP/UDP just to test.
My point is, you can't always trust the result from port testing sites...
What type of server is it you are trying to open the port towards?
Best way to test is to actually have the server up and running and try accessing it from the internet. Use a VPN or a laptop tethered to your phone...
Or, if you set Pure NAT and Automatic NAT reflection under System > Advanced > Firewall & NAT, you test from any device on your LAN using your external IP.
-
Check the firewall settings under GoogleFiber router?
-
I am trying to set up a game server. I have had the server up and running on a couple different Windows systems. I'm building an Ubuntu server to test on as well. I have hosted game servers (not this one) in the past without issues, but having problems now.
The game server calls for UDP ports, but I'm opening TCP and UDP, mainly so I can see if the ports are visible using something like https://canyouseeme.org/. I've never had an issue with this site in the past.
From the game I can access the server only if I'm running on the same system I'm playing the game from. If I host the server on another internal system, I then can't see it. This is throwing possible Windows firewall issues.
I have confirmed that I have Windows Defender firewalls open for inbound TCP & UDP to the program on the needed ports. Nmap comes back stating closed for TCP and UDP.
nmap -Pn -p<portnum> -sS -sV <ip address> -- TCP closed
nmap -Pn -p<portnum> -sU -sV <ip address> -- UDP closed
nmap -Pn -p<portnum> -sT -sV <ip address> -- TCP filtered sw-orion
I found this site that will tell you if your game server is up, and mine has never shown up in it.
https://gamemonitoring.net/. I have also had a friend outside my home tell me they don't see the server.
My NAT Reflection mode is set to Pure NAT -- under System > Advanced > Firewall & NAT
I am honestly at a loss and have no clue what and where the block is. I figured I would at least start with the NAT in pfSense and go from there.
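Added example, not part of the original post: UDP has no handshake, so a forwarded UDP port can only be confirmed by sending a datagram and getting an answer back. This Python script pairs a responder for the internal host with a probe to run from outside the WAN (for example a tethered laptop); the `ack:` reply format, the `pf-test` token, the file name `udpcheck.py` and port 27015 are assumptions made for illustration, and the real game server must be stopped while the responder holds the port.

```python
import socket
import sys

def serve_echo(bind_addr, port, ready=None, max_packets=1, idle_timeout=10.0):
    """Run on the internal host: answer each datagram with b'ack:' + payload.
    Returns the (ip, port) of every sender as the host actually saw it."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_addr, port))
        s.settimeout(idle_timeout)
        if ready is not None:
            ready.set()                  # lets a caller know the socket is bound
        while len(seen) < max_packets:
            try:
                data, peer = s.recvfrom(2048)
            except socket.timeout:
                break                    # nothing arrived within idle_timeout
            s.sendto(b"ack:" + data, peer)
            seen.append(peer)
    return seen

def probe(host, port, token=b"pf-test", timeout=2.0):
    """Run from outside the WAN: send one datagram and classify the result."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))          # connected socket so ICMP errors surface
        try:
            s.send(token)
            reply = s.recv(2048)
        except ConnectionRefusedError:
            return "closed"              # ICMP port unreachable: a host answered, no listener
        except socket.timeout:
            return "no-reply"            # dropped on the way, or the answer never came back
        return "open" if reply == b"ack:" + token else "unexpected-reply"

if __name__ == "__main__":
    # serve: python udpcheck.py serve 27015     (27015 is a constructed example port)
    # probe: python udpcheck.py probe <wan-ip> 27015
    if sys.argv[1] == "serve":
        for peer in serve_echo("0.0.0.0", int(sys.argv[2]), max_packets=100, idle_timeout=120):
            print("datagram from", peer)
    else:
        print(probe(sys.argv[2], int(sys.argv[3])))
```

If the probe reports `no-reply` and the responder lists no datagrams, the traffic is stopping before the host (WAN rule or port forward); if the responder lists the datagram but the probe still gets `no-reply`, look at the return path or the host firewall.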
-
@kaysersosa Get a public IP from your ISP
-
@kaysersosa said in NATting with Hybrid Outbound Sometimes Working:
From the game I can access the server only if I'm running on the same system I'm playing the game from. If I host the server on another internal system, I then can't see it. This is throwing possible Windows firewall issues.
So just so I understand... if you run the server on PC A, and try to access it from PC B, both on your LAN, you can't?
It only works if you host it on A and try to access it from A ??
@kaysersosa said in NATting with Hybrid Outbound Sometimes Working:
My NAT Reflection mode is set to Pure NAT -- under System > Advanced > Firewall & NAT
And what about Automatic NAT reflection, is that on?
-
@Strike1asd
There isn't a GoogleFiber router and GoogleFiber doesn't block any ports from what I've researched. My pfSense is connected directly into the Fiber to Ethernet connector.