Netgate Discussion Forum

    Port forwarding not (always) working in VM

    • cooLopke

      Hello

      Current networking setup:

      (external IP) Modem/router (192.168.0.0/24) ==> Server (with pfSense VM in VirtualBox) (internal network 192.168.123.0/24) ==> Switch ==> LAN HOSTS

      The Modem/Router has the WAN IP of the pfSense Router in its DMZ so all traffic is forwarded to the pfSense Router.

      At the moment I've got pfSense version RC1 (also tried latest version same problem) running in VirtualBox on my server. This server has 2 NICs (eth0 (LAN) and eth1 (connected to modem/router)).

      nic1 to bridge eth0 (192.168.123.10) ==> becomes em0 in pfSense (virtual IP: 192.168.2.1)
      nic2 to bridge eth1 (192.168.0.114) ==> becomes em1 in pfSense (virtual IP: 192.168.0.107)

      I'm using the nictype "Intel PRO/1000 MT Desktop (82540EM)"; in pfSense it's recognized as "Intel PRO/1000 Legacy Network Adapter 1.0.3", not that this is important, because I also tried other virtual NICs.

      Current NAT Port Forward rule and associated rule:

      As you can see I want to redirect port 50122 to port 80 and send this to 192.168.123.10 (server IP interface: eth0)

      I then used a port checker tool on the internet to see if it's working. In the system logs of pfSense I can see that the redirection is a success. (I checked the port 3 times, that's why you see 3 lines)

      So I check the logs on my server to see if I can find the corresponding packets. On my server I've got ufw running which HAS NOT got port 80 ALLOWED. I did this on purpose, because this way I can check the ufw logs if the packet is there. However when I check my log file I can't find a rule. Which means the packet never even arrived!

      As you can see I filtered on DPT=80 and the corresponding packet isn't there.

      Does anyone know a solution that port forwarding is actually working on a VM??!!

      Thanks!

      Grtz

      edit: bridging the modem/router is NOT an option since it belongs to the ISP and I can't access that option.

      • podilarius

        I think using tcpdump is a better way to see if the packet is getting to the server. You can also run tcpdump from the pfSense GUI so that you can check packet passage on the FW.

        • cooLopke

          Ok this is what I've done. I enabled port 80 on the server: command: sudo ufw allow from any to any port 80.

          Next I've simulated the packet with tcpdump on the pfSense and the server as you asked me to.

          TCPDump pfSense:

          TCPDump Server:

          Error message port checker www.canyouseeme.org (8.23.224.110)

          I'm running apache2 on the server and 192.168.2.100 is the client I used to check the port.

          Looks like the packet is actually arriving on the server, but why doesn't it see my open port? Sometimes when I reboot the server and VM it works, but the next time I boot it doesn't anymore.

          Thanks for helping me.

          Grtz

          • cooLopke

            I think there's something wrong with the local server or with the bridging of the interface. I just tested a client machine on my LAN and port forwarding is working without any problems. I guess I have to reinstall my complete server then to test if it works then… damn... :(. It's so strange because when I open ports on my server and check inside my local LAN then there's no problem at all. I think it's the bridging that is causing the problem?

            Does anyone have the same setup as me and does it work for you?

            Thanks

            Grtz

            • podilarius

              I am still a little unsure of your setup. I get that you are running this on virtual box, which is okay, but imo virtual box networking is somewhat lacking and needs work. Don't get me wrong, I loves me some virtual box. I use it as part of a desktop replacement machine. Also, on your server, turn off the local firewall and see if that is causing you grief.

              • cooLopke

                Do you think so? Maybe you have a better setup than me then, can you tell me what I could change? I wanted a server + router, that's why I virtualized pfSense. This way it's also a bit more separated.

                Btw, already tried to turn off ufw, but that's giving me the same error. Sometimes open and most of the time closed.

                Thanks for the reply.

                • johnpoz LAYER 8 Global Moderator

                  You know I tried this quite some time ago, and was not working on vmware 2.0 server - forwards would not work to devices that were using a bridged interface on the HOST machine.  But to other physical devices in the network it would work.

                  I gave up, since forwarding to other virtual machines is a requirement for me.

                  Now I have moved away from vmware 2.0 server, hardware is not capable of running esxi, and I know virtual box has recently enabled promiscuous option. So I might have to reattempt this.

                  Here was my old thread
                  http://forum.pfsense.org/index.php/topic,27599.0.html

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11
