Port Forwding not working whatsoever

P8ntBal1551

i have 4 rules and none only 1 of them work (the ssh to my router)
i have tried all the troubleshooting tips and nothing happens
attached is an image of my rules

Efonnes

Did you test them from outside your network?

P8ntBal1551

multiple locations

danswartz

@P8ntBal1551:

multiple locations

You showed the port forward rules, but how about the access rules?

P8ntBal1551

is that what you want?  ???

greatmen

for me it didnt work also, im doing this:

need to be able to enter the web gui from internet and be able to enter to another gui (a buffalo router) inside the lan segment, so i did change the weg gui port to 8081 and nat:

WAN / TCP / 8081 / 192.168.0.1 (ext.: any) / 8081 (Auto-add a firewall rule to permit traffic through this NAT rule ON)

and with this i can actualy enter the weg gui, BUT i did the same using other port (8082) and nat to the 80 port of the buffalo, wich i can enter his web gui internaly, but externaly it didnt work!!! iev tryied all and nothing seems to work, i even delete the pfsense web gui access nat to let just the buffalo nat but i cant enter the buffalo externaly

clarknova

Various thoughts:

Is your ISP blocking incoming connections? Some do, especially with more common ports like 21, 25, 80 and 443.

Do you have the FTP helper activated? FTP transfers involve more than just port 21 and the FTP helper I believe is designed to help it function across the firewall.

Try turning on logging for you pass rules. Alternately, use tcpdump, packet capture, or wireshark to see if packets are arriving at the WAN on those ports.

Confirm that those hosts are reachable on those ports from inside the network, i.e., that the service is running and there is no host firewall blocking it.

grc.com's Shields Up service is handy for testing open ports on your network.

greatmen

thanks for fast answering…

the ports im using arent blocked by the ips (8000+)

userland FTP-Proxy application disable on wan, enable on lan

i log and the packets are ariving to wan but i log on wan and nothing is there!!!

the host (buffalo) is reachable inside...

so the problem is the firewall, the packet didnt go from wan to lan...

danswartz

couple of things: the 2nd ftp rule is useless, since it references the WAN IP, not the LAN IP.  Also, disable the ftp helper everywhere.

EddieA

@P8ntBal1551:

i have 4 rules and none only 1 of them work (the ssh to my router)

Is the router also port fowarding these.

@greatmen:

the ports im using arent blocked by the ips (8000+)

Not sure what you mean here, as you're fowarding ports 21, 22, 3389, and 15551.

@danswartz:

the 2nd ftp rule is useless, since it references the WAN IP, not the LAN IP.

Then why is that one is automatically generated by the NAT rules.

Cheers.

clarknova

@EddieA:

Not sure what you mean here, as you're fowarding ports 21, 22, 3389, and 15551.

Note that we're dealing with 2 different plaintiffs with a similar complaint.

EddieA

Oooops.  Didn't spot that.  :o

Why can't people start their own thread, instead of piggybacking on another.  Doing that usually ends up with neither being answered.    ;D

Cheers.

greatmen

bcoz, two treads for 1 same issue with only different tittle isnt kinda spamm?

jimp

@greatmen:

bcoz, two treads for 1 same issue with only different tittle isnt kinda spamm?

No, because your problem is not the same as the original poster's. It may seem similar, but it's still a separate issue. It's considered hijacking someone else's thread.

greatmen

@jimp:

@greatmen:

bcoz, two treads for 1 same issue with only different tittle isnt kinda spamm?

No, because your problem is not the same as the original poster's. It may seem similar, but it's still a separate issue. It's considered hijacking someone else's thread.

im sorry, it used to be like that in other forums… ill leave this thread.

good luck to the thread starter!