No NAT forwards seem to work



  • I'm having a problem where none of my NAT forwards seem to work.

    I created them using the instructions and ensured that "create firewall rule" was ticked as well.
    Attached is my port forward entry and my firewall rule.

    If I packet sniff the LAN traffic I get this:
    13:13:19.177184 IP 115.166.x.x.60582 > 192.168.4.198.80: tcp 0
    13:13:22.145989 IP 115.166.x.x.60582 > 192.168.4.198.80: tcp 0
    13:13:28.146228 IP 115.166.x.x.60582 > 192.168.4.198.80: tcp 0

    If I packet sniff on my machine (192.168.4.198) I receive no packets at all.

    I can use telnet to access port 80 on 192.168.4.198 from pfsense as well.

    Something that may be related is that I cannot access SSH even though it is enabled and I am on the LAN.

    ![firewall rule.gif.gif](/public/imported_attachments/1/firewall rule.gif.gif)
    ![port foward.gif](/public/imported_attachments/1/port foward.gif)



  • I see that your WAN is in a private subnet.
    Did you uncheck the "block RFC1918 subnets" checkbox on the WAN config page?



  • @GruensFroeschli:

    I see that your WAN is in a private subnet.
    Did you uncheck the "block RFC1918 subnets" checkbox on the WAN config page?

    Good question. I checked and it is turned off.

    By the way, I forgot to update my post, but SSH is now working. I restarted and saw in the logs where it had finished generating the keys, so that makes troubleshooting a bit easier at least.

    To give a quick idea of the network topology:
    ADSL modem/router (192.168.1.0) -> pfsense -> LAN (192.168.4.0)

    Port forwards are configured both on the ADSL modem/router and in pfsense with firewall rules.



    I find it a bit strange that you can see traffic leaving the pfSense with a TCP dump but nothing incoming on the server.
    Could you Wireshark externally right at the interface if anything goes out at all? (with a hub, not with a switch).



  • Thanks for your help GruensFroeschli, I've fixed it.

    The problem was a firewall. Disabled it and it's all working now, so now all I need to do is configure rules.

    I thought Wireshark captured before the firewall but it seems not.
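
The capture quoted in the first post can be read mechanically. The following Python sketch is an added example, not part of the original thread: it groups lines in that quiet tcpdump format by direction, reports flows that never get a packet back, and checks whether the gaps between packets roughly double, as TCP connection retries do. The last two sample lines (203.0.113.9) are constructed to show an answered flow for contrast.

```python
import re
from collections import defaultdict
from datetime import datetime

# First three lines are the capture quoted in the thread; the last two are
# constructed here to represent a flow that does receive a reply.
SAMPLE = """\
13:13:19.177184 IP 115.166.x.x.60582 > 192.168.4.198.80: tcp 0
13:13:22.145989 IP 115.166.x.x.60582 > 192.168.4.198.80: tcp 0
13:13:28.146228 IP 115.166.x.x.60582 > 192.168.4.198.80: tcp 0
13:14:02.000100 IP 203.0.113.9.51000 > 192.168.4.198.80: tcp 0
13:14:02.000900 IP 192.168.4.198.80 > 203.0.113.9.51000: tcp 0
"""

# timestamp, "IP", source addr.port, ">", destination addr.port, "tcp <len>"
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): tcp (\d+)$")


def one_way_flows(capture):
    """Return {(src, dst): [gaps in seconds]} for flows with no reply packet."""
    seen = defaultdict(list)
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that are not in this format
        stamp = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        seen[(m.group(2), m.group(3))].append(stamp)
    result = {}
    for (src, dst), stamps in seen.items():
        if (dst, src) in seen:
            continue  # the destination answered at least once
        result[(src, dst)] = [round((b - a).total_seconds(), 1)
                              for a, b in zip(stamps, stamps[1:])]
    return result


def looks_like_retransmit(gaps):
    """True when each gap is about double the previous one (retry backoff)."""
    return len(gaps) >= 2 and all(
        a > 0 and 1.5 <= b / a <= 2.5 for a, b in zip(gaps, gaps[1:]))


if __name__ == "__main__":
    for flow, gaps in one_way_flows(SAMPLE).items():
        print(flow, gaps, "retransmit pattern:", looks_like_retransmit(gaps))
```

On the thread's three lines this reports gaps of 3.0 s and 6.0 s with nothing coming back, which is consistent with the destination host dropping the forwarded packets, as the host firewall in the final post turned out to be doing.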

