Having problems with port forward



  • http://img231.imageshack.us/i/firewallrules.jpg/

    That's what my firewall rule is.  I had it set to 192.168.0.2 (web server) as destination and it didn't work.  What else should I be looking for?
    I had this working and then one day I tried to open up another port to that same server and it stopped working.  Any ideas?



  • The source port is NOT going to be TCP 80.  Source ports are a randomly selected, high numbered port.  Set your source port to any and this rule will be correct.  Destination should be to a specific IP address, the internal IP address of your web server.


  • Netgate Administrator

    Shouldn't the destination address be the WAN ip if it's used for port forwarding?  :-\

    I presume you have set up a port forwarding rule as well as the firewall rule.

    Steve



  • In pfSense 2.0 the easiest way to do port forwarding is to go to "FIREWALL -> NAT" and create the Port Forwarding rule AND within the Port Forwarding rule you can add the correct firewall rule with "Filter rule association".

    @stephenw10
    In the firewall rule, the destination address isn't the WAN address but the web server address (192.168.0.2).
    In the NAT rule you are right.

    Nevertheless like submicron said:
    The source port has to be "any" and NOT 80.


  • Netgate Administrator

    Hmm, that's interesting.
    So, it's hard to visualise but, the port forwarder is 'outside' the firewall?
    I.e. from the point of view of an incoming packet on WAN it hits the port forwarding rule before the firewall filter. I would have thought it was the other way around. I'll have to go and re-read the docs!

    Steve



  • That makes sense.  I knew that was how the firewall worked, I just forgot the source port needed to be *.  I must have changed that by accident when I was trying to forward another port which probably had the same problem!  Thanks!
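
The evaluation order discussed in this thread (port forward first, then the filter rule), as an added example that is not from any of the posts and is not pfSense code. It is a toy model: the WAN and client addresses are constructed documentation addresses, and the class and function names are hypothetical.

```python
# Toy model of WAN-side processing: NAT port forward, then filter rule.
from dataclasses import dataclass, replace
from typing import Optional

WAN_IP = "203.0.113.10"      # constructed example address (TEST-NET-3)
WEB_SERVER = "192.168.0.2"   # internal web server from the thread

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class FilterRule:
    src_port: Optional[int]   # None means "any"
    dst_ip: str
    dst_port: int

    def matches(self, p: Packet) -> bool:
        return ((self.src_port is None or self.src_port == p.src_port)
                and self.dst_ip == p.dst_ip and self.dst_port == p.dst_port)

def port_forward(p: Packet) -> Packet:
    """NAT step: rewrite WAN_IP:80 to WEB_SERVER:80 before filtering."""
    if p.dst_ip == WAN_IP and p.dst_port == 80:
        return replace(p, dst_ip=WEB_SERVER)
    return p

def allowed(p: Packet, rule: FilterRule) -> bool:
    """Translate first, then filter; anything unmatched is dropped."""
    return rule.matches(port_forward(p))

# A browser connects from a random high source port, never from 80.
client = Packet("198.51.100.7", 51834, WAN_IP, 80)

broken = FilterRule(src_port=80, dst_ip=WEB_SERVER, dst_port=80)
wan_dst = FilterRule(src_port=None, dst_ip=WAN_IP, dst_port=80)
fixed = FilterRule(src_port=None, dst_ip=WEB_SERVER, dst_port=80)

if __name__ == "__main__":
    for name, rule in [("src port 80", broken), ("dst = WAN IP", wan_dst),
                       ("src any, dst = server", fixed)]:
        print(f"{name:24} -> {'pass' if allowed(client, rule) else 'block'}")
```

Only the rule with source port "any" and the internal server as destination passes the client's packet; traffic to any other port on the WAN address is not translated and stays blocked.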

