Is any question stupid? pfSense is blocking all external access WTH?
This should be a piece of cake. :-X
I see in the installation this line: WAN is configured as DHCP client, all incoming connections are blocked by default. I'm using 2.0 by the way.
Great, what I don't see anywhere is how to unblock some connections. Just adding rules?
Right now I added a bunch of rules, and all works fine from my internal network, but nothing works from outside.
Block * RFC 1918 networks * * * * * Block private networks
Block * Reserved/not assigned by IANA * * * * * * Block bogon networks
Pass TCP * 80 (HTTP) 192.168.29.108 8080 * none Web Server Default
Pass TCP * 8055 192.168.29.121 80 (HTTP) * none Ether Website
Pass TCP * 25 (SMTP) 192.168.29.130 25 (SMTP) * none NAT SMTP
Pass TCP * 465 (SMTP/S) 192.168.29.130 465 (SMTP/S) * none NAT SMTP
Pass TCP * 6622 192.168.29.130 8088 * none NAT SmarterMail
Pass TCP * 21 (FTP) 192.168.29.108 21 (FTP) * none NAT FTP
Pass TCP * 53 (DNS) 192.168.29.104 53 (DNS) * none NAT DNS
Pass TCP * 11801 192.168.29.134 11801 * none NAT SQL TST
Pass TCP * 2929 192.168.29.101 3389 (MS RDP) * none NAT Remote Desktop My Local
Pass TCP * 443 (HTTPS) 192.168.29.108 443 (HTTPS) * none NAT Secure DVM Web Support
Pass TCP * 2525 192.168.29.151 8080 * none TFS
Any help, as you can imagine, is very much appreciated.
You need to add both port forwarding (NAT) and firewall rules. Try using the wizard instead of creating rules by hand.
As I create port firewall rules, it adds port forward rules automatically, so I'm not sure what you mean. Also there's no wizard for rules, is there?
Forgot to mention that I have 13 public static IPs, so my gateway is set on XX.XX.XX.241 and WAN is XX.XX.XX.242 and I have another 12 VIPs (right now not having any rule).
So right now it is all using WAN address/port to an internal IP/port.
All those devices are using the pfSense host's LAN IP as their default gateway?
The whole internal network is using the LAN static IP as gateway, and everything works from the internal network: I can remote into any machine, access any web, torrent, ftp, etc… It is only from outside that nothing works. Also, there's not a single rule in the firewall showing pass; all logs only show blocked access...
Found a temporary solution: putting the old RSV4000 back.
brcisna last edited by
Are you sure you set your CIDR number correctly for your WAN IP address? You can verify this by trying to ping your WAN's gateway IP address from within the pfSense web GUI and selecting the WAN interface to use, then ping the WAN gateway. This will at least tell you if you have connectivity to the WAN gateway.
This will be a starting point, anyway.
May also be worth re-trying it without the use of the virtual IPs in case it was during the addition of those that things broke.
Basically, start with a simple config and work up until either it works, or you know what causes the problem (and then somebody may be able to fix it if it's a bug or help you resolve it if it isn't).
cmb last edited by
Source port is not the same as destination port, should be any.
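The point in cmb's reply, as an added example that is not part of the original thread: a Python check that parses rule rows in the layout posted in the question and flags Pass rules pinned to a specific source port. The regular expression, the function names and the last sample row are assumptions made for this illustration.

```python
import re

# One row of the flattened rule listing as posted in the question:
# action, proto, source, source port, destination, destination port,
# gateway, queue, description. This column reading is an assumption.
ROW = re.compile(
    r"^(?P<action>Pass|Block)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+"
    r"(?P<sport>\*|\d+)(?:\s+\([^)]*\))?\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<dport>\*|\d+)(?:\s+\([^)]*\))?\s+"
    r"(?P<gw>\S+)\s+(?P<queue>\S+)\s+(?P<desc>.+)$"
)

# The first four rows are copied from the question; the last row is a
# constructed corrected form with the source port left as "any".
RULES = """\
Block * RFC 1918 networks * * * * * Block private networks
Pass TCP * 80 (HTTP) 192.168.29.108 8080 * none Web Server Default
Pass TCP * 25 (SMTP) 192.168.29.130 25 (SMTP) * none NAT SMTP
Pass TCP * 2929 192.168.29.101 3389 (MS RDP) * none NAT Remote Desktop My Local
Pass TCP * * 192.168.29.108 8080 * none Web Server Default (corrected)
"""

def parse_rules(text):
    """Return one dict per parsable row; rows in another shape (the Block rows) are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def fixed_source_port(rules):
    """Pass rules pinned to one source port. Clients connect from ephemeral
    source ports, so such a rule does not match ordinary inbound connections."""
    return [r for r in rules if r["action"] == "Pass" and r["sport"] != "*"]

def report(text):
    """Human-readable findings, one line per rule with a fixed source port."""
    return [
        f"{r['desc']}: source port {r['sport']} should be any (*); "
        f"destination stays {r['dst']}:{r['dport']}"
        for r in fixed_source_port(parse_rules(text))
    ]

if __name__ == "__main__":
    for line in report(RULES):
        print(line)
```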
First of all, thanks to brcisna, Cry Havok, cmb; any help when you are about to get an axe to fix the glitch is great.
I finally managed to get it to work. I started from scratch with a reset to factory defaults. Used the same configuration for WAN and LAN, did not add VIPs (yet). And of course all traffic was being blocked again. Then I added simple rules for incoming HTTP into a custom port 8088. Still not working, so I deleted the rules and did a port forward, and only then did the thing work. It's strange, as before I added rules and the port forward was added too, but (and maybe I'm too sleep-drunk, as it is 4:30am and I've been up since yesterday) it seems that you need to add a port forward and let pfSense create the rule in the firewall. I don't see what the difference is, but hey, if it works it works.
I'll go from here, and after all the port forwards/rules are working, I will start playing with VIPs and 1-1 mapping (which was my initial objective in moving to pfSense anyway).