No NAT forwards seem to work
-
I'm having a problem where none of my NAT forwards seem to work.
I created them using the instructions and ensured that "create firewall rule" was ticked as well.
Attached is my port forward entry and my firewall rule.
If I packet sniff the LAN traffic I get this:
13:13:19.177184 IP 115.166.x.x.60582 > 192.168.4.198.80: tcp 0
13:13:22.145989 IP 115.166.x.x.60582 > 192.168.4.198.80: tcp 0
13:13:28.146228 IP 115.166.x.x.60582 > 192.168.4.198.80: tcp 0
If I packet sniff on my machine (192.168.4.198) I receive no packets at all.
I can use telnet to access port 80 on 192.168.4.198 from pfsense as well.
Something that may be related is that I cannot access SSH even though it is enabled and I am on the LAN.
![firewall rule.gif.gif](/public/imported_attachments/1/firewall rule.gif.gif)
![port foward.gif](/public/imported_attachments/1/port foward.gif)
-
I see that your WAN is in a private subnet.
Did you uncheck the "block RFC1918 subnets" checkbox on the WAN config page?
-
> I see that your WAN is in a private subnet.
> Did you uncheck the "block RFC1918 subnets" checkbox on the WAN config page?

Good question. I checked and it is turned off.
By the way I forgot to update my post but SSH is now working, I restarted and saw in the logs where it had finished generating the keys so that makes troubleshooting a bit easier at least.
To give a quick idea of the network topology:
ADSL modem/router (192.168.1.0) -> pfsense -> LAN (192.168.4.0)
Port forwards are configured both on the ADSL modem/router and in pfsense with firewall rules.
-
I find it a bit strange that with a TCP dump you can see traffic leaving the pfSense but nothing incoming on the server.
Could you Wireshark externally, right at the interface, to see if anything goes out at all? (With a hub, not with a switch.)
-
Thanks for your help GruensFroeschli, I've fixed it.
The problem was a firewall. Disabled it and it's all working now so now all I need to do is configure rules.
I thought Wireshark captured before the firewall but it seems not.
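
The capture in the first post shows one flow repeating zero-length TCP segments at roughly 3 s and 6 s intervals with nothing coming back. As an added example (not part of the thread), this flags such unanswered flows in tcpdump text of that form. The sample lines are constructed, 203.0.113.7 is a placeholder for the masked client address, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the thread's tcpdump output style; 203.0.113.7 is a
# placeholder for the masked WAN-side client address.
SAMPLE = """\
13:13:19.177184 IP 203.0.113.7.60582 > 192.168.4.198.80: tcp 0
13:13:22.145989 IP 203.0.113.7.60582 > 192.168.4.198.80: tcp 0
13:13:28.146228 IP 203.0.113.7.60582 > 192.168.4.198.80: tcp 0
13:14:01.000100 IP 203.0.113.7.60590 > 192.168.4.198.22: tcp 0
13:14:01.000900 IP 192.168.4.198.22 > 203.0.113.7.60590: tcp 0
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): tcp (\d+)$")


def parse(text):
    """Yield (seconds_since_midnight, src, dst, payload_len) per matching line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip non-TCP or differently formatted lines
        t = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        secs = t.hour * 3600 + t.minute * 60 + t.second + t.microsecond / 1e6
        yield secs, m.group(2), m.group(3), int(m.group(4))


def unanswered_flows(text, min_attempts=3):
    """Return flows with repeated empty segments, growing gaps and no reply."""
    attempts = defaultdict(list)  # (src, dst) -> timestamps of empty segments
    talkers = set()               # every (src, dst) direction seen at all
    for secs, src, dst, length in parse(text):
        talkers.add((src, dst))
        if length == 0:
            attempts[(src, dst)].append(secs)
    flagged = []
    for (src, dst), times in attempts.items():
        if (dst, src) in talkers or len(times) < min_attempts:
            continue              # the peer answered, or too few attempts
        gaps = [b - a for a, b in zip(times, times[1:])]
        if all(later > earlier for earlier, later in zip(gaps, gaps[1:])):
            flagged.append({"src": src, "dst": dst,
                            "gaps": [round(g, 1) for g in gaps]})
    return flagged


if __name__ == "__main__":
    for flow in unanswered_flows(SAMPLE):
        print(flow)
```

A flagged flow seen on the pfSense LAN interface means the forward and firewall rule passed the traffic and the destination never replied, which points at the server side, as the thread's resolution (a firewall on the target machine) confirms.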