Port Forwarding issue.. Remote host using client machine LAN address.



  • I am having trouble with port forwarding (with 2.0 release).  I'm fairly certain that I have the port forward set up correctly, but have something else very basic configured incorrectly, as I noticed something that seemed like it might be related.  When I test the working port forward with another router, the host reports correctly that port N on (my public IP address) is open.  When I test the nonworking port forward with my pfsense router, the host reports that port N on (my specific machine's private IP address: i.e. 192.168.0.202) is closed.  Similarly, I was surprised to see that at least one web site with a port scanning function reported my IP address as the private IP address.  This leads me to believe that I have something fundamental within pfsense configured incorrectly, as I am assuming that the destination should be reported as my public IP address, not my machine's private IP address.  Furthermore, I have the associated rule set to log traffic, and there are no entries in the log from when I run the test.

    Nonfunctioning port forwards have not been isolated to a single client machine or program, and I have tested with a variety of ports.

    Can anyone give me a clue as to what's gone wrong, based on the above?



  • The actual WAN IP (172.16.1.8) differs from my public IP, as it is assigned by a wireless radio, which is how I get internet.  All traffic, except that over a single port which the ISP uses to monitor the radio, is forwarded "transparently" to my WAN adapter's MAC address.  I use the MAC "spoofing" feature in pfsense, as well as with my other router, which I use for testing.  On the alternate router, port forwards work fine, and online services correctly report my public IP address.

    Here is one example of a port forward configuration that does not work (Though I have also tried "any", and "single host or alias" in Destination with my public IP, and with my actual WAN IP, with the same result).

    Disabled:  unchecked
    No RDR (NOT):  unchecked
    Interface:  WAN
    Protocol:  TCP/UDP (I have also tried "TCP" and "UDP")
    Source:  unchanged
    Destination:  WAN address
    Destination port range:  33334 (I have tested other ports)
    Redirect target IP:  192.168.0.101 (A different computer than the one in the original post)
    Redirect target port:  33334
    Description:  (blank)
    No XMLRPC Sync:  unchecked
    NAT reflection:  use system default (I have tried with NAT reflection enabled and disabled)
    Filter rule association:  Rule NAT (Automatically during selection of "Create new associated filter rule"; I have also tried "Pass")



  • It is now working as it should.  Factory reset.. probably a bad beta package.. no more aggravation.

