Reach WAN with port forwarding from LAN

Solidus_Richard

Hi to all, I need your help.

I have this scenario.

192.168.1.1<–--LAN-----> PFSENSE <-----WAN-----> 189.XXX.YYY.ZZZ

and I have some port redirections from WAN to some servers with ports like 8085, 8084 etc.

When I try to access the servers from another internet link (from outside world) I have no problem, forwarding works fine.
ej. http://189.XXX.YYY.ZZZ:8084 works fine from outside world

But when I try to access the servers from inside the LAN, I receive a timeout.

I have no firewall restriction from inside LAN to WAN.

What could be the problem?

thanks in advance.

Ricardo

gderf

Read up on NAT Reflection.

Solidus_Richard

My apology, there was only a matter of little search in the forum.

this is the answer.

http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

Thanks gderf

Guest

Hi guys,

I have the samen problem. Regular internet ports from LAN to WAN do work. Internet to www sites.
Other special ports like 8080 or 2095 don't get out. I tried putting Reflection off it doesn't work.

It blocks on the LAN interface. Even when I allow the blocked traffic via Easyrule 8080 to any it doesn't work.

What's wrong?
PFS 2.0RC3

Metu69salemi

@Martin:
how did you made those rules? if you defined source port, then it's not going to work at most cases

Guest

Hi,

For incoming NAT ports we worked with the NAT-rule and auto-create FW-rule. Now I found out our internal machines can't get out on 8080 or 2095, I tried adding manual rule in NAT of FW. Reflection checkbox is cleared.

Does this help?

I've got one machine who's only a simply pc for internet. No special port outgoing. He works fine through PFS.

Also I made a rule in LAN (FW) and gave a PC all ANY right to outside…. doesn't work. (attached)

![Schermafbeelding 2011-09-17 om 11.35.02.png](/public/imported_attachments/1/Schermafbeelding 2011-09-17 om 11.35.02.png)
![Schermafbeelding 2011-09-17 om 11.35.02.png_thumb](/public/imported_attachments/1/Schermafbeelding 2011-09-17 om 11.35.02.png_thumb)

Metu69salemi

Sorry, can't help you haven't done this. have you checked wiki?

Guest

docu and wiki is not good in general is my opinion. Usually a general explanation instead of clear instruction/steps.
Thanks

Metu69salemi

pfsense own wiki is quite good

Guest

There is a lot of info but no good setup how start and have these exeptions like my problems. At least we can't find the info. If you know where to start please reply.

pfSense has a lot of functions and is light and quick. The GUI should be more integrated in one screen. Now I have to do something in NAT-rules and then in FW-rules. At present we have the issue traffic can't get out on ports 8080 and 2095 eg…...