Port Forwarding is not working

  • I am trying to setup port forwarding to access a web server on the LAN side of the pfSense server. I have it setup to forward port 444 on the wan side to port 80 on the lan side.

    WAN(444) > Server_IP(80)

    I have followed the instructions in the documentation for setup and troubleshooting.

    • I have logging turned on on the firewall rule and the logs show that it is allowing the connection to go through.

    • I can see the packets on both the WAN and LAN side using tcpdump.

    • I pinged the web server from pfSense to make sure it is still running.

    • I have also run a port scan on the web server using nmap on pfSense to make sure the server was listening on port 80.

    • I can connect to the web server while on the LAN side of the network.

    • The web server's default gateway is set correctly.

    I had to remove some of the IP addresses from the results below since they are publicly accessible.

    tcpdump results on WAN side:

    13:19:22.383616 IP <my ip="">.64393 > <wan ip="">.444: tcp 0
    13:19:26.007615 IP <my ip="">.37963 > <wan ip="">.444: tcp 0
    13:19:28.388441 IP <my ip="">.64393 > <wan ip="">.444: tcp 0
    13:19:29.016340 IP <my ip="">.37963 > <wan ip="">.444: tcp 0
    13:19:29.726565 IP <my ip="">.59670 > <wan ip="">.444: tcp 0
    13:19:32.725387 IP <my ip="">.59670 > <wan ip="">.444: tcp 0
    13:19:32.807075 IP <my ip="">.35767 > <wan ip="">.444: tcp 0
    13:19:35.018054 IP <my ip="">.37963 > <wan ip="">.444: tcp 0</wan></my></wan></my></wan></my></wan></my></wan></my></wan></my></wan></my></wan></my>

    tcpdump results on LAN side:

    13:24:22.625308 IP <my ip="">.51928 > tcp 0
    13:24:23.085311 IP <my ip="">.59332 > tcp 0
    13:24:23.708635 IP <my ip="">.43035 > tcp 0
    13:24:25.614860 IP <my ip="">.51928 > tcp 0
    13:24:27.787732 IP <my ip="">.61719 > tcp 0
    13:24:29.090892 IP <my ip="">.59332 > tcp 0
    13:24:30.791572 IP <my ip="">.61719 > tcp 0</my></my></my></my></my></my></my>

    nmap port scan:

    Starting Nmap 4.76 ( http://nmap.org ) at 2010-07-19 13:26 PDT
    Interesting ports on
    Not shown: 999 filtered ports
    80/tcp open  http
    MAC Address: 00:0C:C8:02:46:51 (Xytronix Research & Design)
    Nmap done: 1 IP address (1 host up) scanned in 5.01 seconds

    Thanks in advance for any help.

  • Are you sure there isn't some kind of firewall/acl on the webserver blocking non-LAN hosts?

  • Double check the window firewall.  Try turnning off the window firewall to make sure.

    Then, Reboot the firewall state.

Log in to reply