Port Forwarding is not working
-
I am trying to set up port forwarding to access a web server on the LAN side of the pfSense server. I have it set up to forward port 444 on the WAN side to port 80 on the LAN side.
WAN(444) > Server_IP(80)
I have followed the instructions in the documentation for setup and troubleshooting.
- I have logging turned on on the firewall rule and the logs show that it is allowing the connection to go through.
- I can see the packets on both the WAN and LAN side using tcpdump.
- I pinged the web server from pfSense to make sure it is still running.
- I have also run a port scan on the web server using nmap on pfSense to make sure the server was listening on port 80.
- I can connect to the web server while on the LAN side of the network.
- The web server's default gateway is set correctly.
I had to remove some of the IP addresses from the results below since they are publicly accessible.
tcpdump results on WAN side:
13:19:22.383616 IP <my ip>.64393 > <wan ip>.444: tcp 0
13:19:26.007615 IP <my ip>.37963 > <wan ip>.444: tcp 0
13:19:28.388441 IP <my ip>.64393 > <wan ip>.444: tcp 0
13:19:29.016340 IP <my ip>.37963 > <wan ip>.444: tcp 0
13:19:29.726565 IP <my ip>.59670 > <wan ip>.444: tcp 0
13:19:32.725387 IP <my ip>.59670 > <wan ip>.444: tcp 0
13:19:32.807075 IP <my ip>.35767 > <wan ip>.444: tcp 0
13:19:35.018054 IP <my ip>.37963 > <wan ip>.444: tcp 0
tcpdump results on LAN side:
13:24:22.625308 IP <my ip>.51928 > 192.168.5.10.80: tcp 0
13:24:23.085311 IP <my ip>.59332 > 192.168.5.10.80: tcp 0
13:24:23.708635 IP <my ip>.43035 > 192.168.5.10.80: tcp 0
13:24:25.614860 IP <my ip>.51928 > 192.168.5.10.80: tcp 0
13:24:27.787732 IP <my ip>.61719 > 192.168.5.10.80: tcp 0
13:24:29.090892 IP <my ip>.59332 > 192.168.5.10.80: tcp 0
13:24:30.791572 IP <my ip>.61719 > 192.168.5.10.80: tcp 0
nmap port scan:
Starting Nmap 4.76 ( http://nmap.org ) at 2010-07-19 13:26 PDT
Interesting ports on 192.168.5.10:
Not shown: 999 filtered ports
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:0C:C8:02:46:51 (Xytronix Research & Design)
Nmap done: 1 IP address (1 host up) scanned in 5.01 seconds
Thanks in advance for any help.
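Added example, not part of the original post: a small Python script that reads tcpdump lines in the format of the LAN-side capture above and lists the client sockets whose packets to the server never drew a reply, along with the gaps between retries. The input is constructed from two flows in that capture, with 203.0.113.7 as a placeholder for the redacted address, plus one made-up answered flow for contrast; it assumes the capture filter would have shown server-to-client packets had there been any.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the LAN-side capture; 203.0.113.7
# (a documentation address) stands in for the redacted client IP.
SAMPLE = """\
13:24:22.625308 IP 203.0.113.7.51928 > 192.168.5.10.80: tcp 0
13:24:23.085311 IP 203.0.113.7.59332 > 192.168.5.10.80: tcp 0
13:24:25.614860 IP 203.0.113.7.51928 > 192.168.5.10.80: tcp 0
13:24:29.090892 IP 203.0.113.7.59332 > 192.168.5.10.80: tcp 0
13:24:30.100000 IP 203.0.113.7.61000 > 192.168.5.10.80: tcp 0
13:24:30.100900 IP 192.168.5.10.80 > 203.0.113.7.61000: tcp 0
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): tcp (\d+)")

def summarize(capture, server_ip, server_port):
    """Group packets by client socket; count packets to and from the server."""
    flows = defaultdict(lambda: {"to_server": [], "from_server": 0})
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        h, mi, s, src, sport, dst, dport, _ = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)
        if (dst, int(dport)) == (server_ip, server_port):
            flows[(src, int(sport))]["to_server"].append(t)
        elif (src, int(sport)) == (server_ip, server_port):
            flows[(dst, int(dport))]["from_server"] += 1
    return flows

def unanswered(flows):
    """Client sockets that sent to the server and saw nothing come back."""
    out = {}
    for client, f in flows.items():
        if f["to_server"] and f["from_server"] == 0:
            ts = f["to_server"]
            gaps = [round(b - a, 2) for a, b in zip(ts, ts[1:])]
            out[client] = {"packets": len(ts), "retry_gaps": gaps}
    return out

if __name__ == "__main__":
    for client, info in unanswered(summarize(SAMPLE, "192.168.5.10", 80)).items():
        print(client, info)
```

Repeated packets from the same source port with nothing returning from 192.168.5.10 mean the forward is delivering traffic and the reply path or the server itself is where to look next.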
-
-
Are you sure there isn't some kind of firewall/acl on the webserver blocking non-LAN hosts?
-
Double check the Windows firewall. Try turning off the Windows firewall to make sure.
Then, reboot the firewall state.