None of the FWD ports work



  • So I'm basically swapping out my Smoothwall with a pfSense (I heard the traffic shaping is awesome; I think I still need to read a ton to really understand it).

    In any case:

    http://imgur.com/34XC3

    All of this worked before (and works inside the LAN), but I'm getting nothing on the outside. I've tried the domain, then the outside IP. Not sure what I'm missing here. Maybe you guys can clue me in. It's a fresh install; all I did was change its LAN to 192.168.0.1 and the DHCP to .0.1. The .10 and .30 IPs are manually set inside each respective server, all running and accepting connections just fine. So what am I missing with pfSense to get these rules to actually work?

    Thanks for the help.



  • Who is golf on your rdr rule? And you did not associate the other two redirects with rules.

    Do your static IP servers have pfSense as gateway?



  • Golf is .101. I tried setting it to DHCP to see if pfSense was ignoring packets whose destinations weren't in its DHCP table. Yes, they all have 192.168.0.1 as a gateway; that's how my whole Smoothwall system was around. They can access the internet fine and the rest of the network as expected. .10 is a WHS and all the file sharing and streaming works just fine.

    Anything I can check?



  • Do you think setting the 2 other servers as aliases would make it work? Because each of the Windows boxes is manually configured for its respective IP, I don't ever worry about having to change them. But if that's the key I'm missing.

    I set the admin page to 441 to open up 80 (even though I have it set to HTTPS, it always seems to redirect 80, so I thought moving it would stop the redirect so I can get my web server out there).



  • After tooling around, I think my problem lies in the LAN configuration.

    1. What should the subnet dropdown be? Right now it's 192.168.0.1 /24 (is 24 = 255.255.255.0?)

    2. Under that LAN setting there is no gateway option; should I add one?

    I've got everything on the network as .0.1, so therefore 255.255.255.0, but I feel like this port forwarding is a subnet issue. Any way to check for that?



  • The subnet is fine.

    Change the pfSense web GUI to HTTPS (System -> Advanced) to avoid problems with NAT on port 80.



  • OK, so after I messed too much with it, I decided to go back to square 1.

    Fresh install running 192.168.1.1 with all stock settings (I changed over the NIC because 1 of the NICs seemed to be giving me a lot of delay).

    Just working with 1 server.

    ALPHA is on DHCP > Set the static to 192.168.1.10 in PF > Set Alias > set port forward TCP 8080 - 8081 via Alias

    I can access it internally just fine (via 192.168.1.10:8080) but cannot access it externally via my 64...* from my ISP.

    I double-checked and made sure I applied each setting after I saved it.

    Edit: I'll add that I know that the external connection is working fine, because going to said 64...* IP routes me to the HTTPS pfSense config.

    Any idea what I'm missing? I feel like an idiot.

    Edit edit: I've been messing with this all day and I can't seem to figure out how to get this basic function to work. Should I just abandon this and go back to Smoothwall or IPCop? I really liked Smoothwall's bandwidth bars that showed what IP was using the network, but I wanted a distro where I could set the Usenet server (or port) on the lowest priority, so it would go full speed when no one was home but back off when people start to watch YouTube and play games.

    But I left everything default and I can't seem to get anything to connect, no matter the computer or port or service. So I'm thinking it's a pfSense problem. Could this be hardware? I did build a new box for doing pfSense (Celeron D 3.4GHz with 1.5G DDR2). Or can you point me to where I could check a log of incoming requests and see if these requests are being blocked?

    Thank you guys so much for the help.



  • ::) OK, I am an idiot. Turns out the port forwarding is working fine (the guy who tested it externally didn't know what he was doing). I tested it externally and it's all working as it should, but I can't access it remotely (as in, if I go to 64...* inside the network I don't get a response). I'm sure this is a security thing, but I do a lot of my routing (for remote control and whatnot) externally for the convenience of not having to use separate settings when I'm outside of my network.

    So what rule do I need to add so I can externally access myself?



  • Accessing a LAN server on the same LAN with the public IP will need an outbound NAT to source-NAT the LAN client IP to the firewall IP.

    Why don't you start using DNS names to avoid this problem?



  • :P I'm a little confused on how DNS names would help, or where in pfSense I would even go to use them. Are you talking about manually setting up internal routes, so depending on the port it will forward the packets internally to the respective server? I'd rather just be able to access the whole of my domain and external IP via inside the LAN. I'm hoping I can do this with just one rule, but if there is a better way of doing this I'd love to hear it.



  • Read http://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

    marcelloc is suggesting to use Method 2: Split DNS.

    Note that pfSense's "NAT Reflection" doesn't work for UDP (yet).
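
Added example, not part of the thread: a small Python model of the packet path behind the last two answers. It shows why a LAN client connecting to the WAN IP gets no usable reply without source NAT (the server answers directly, from the wrong address), why source-NATing to the firewall IP fixes it, and how split DNS avoids NAT altogether. The WAN address, client address, port numbers and host name are constructed; the firewall and server addresses are the ones given in the thread.

```python
from dataclasses import dataclass

WAN_IP = "203.0.113.7"       # constructed; the thread elides the real address
FW_LAN_IP = "192.168.1.1"    # pfSense LAN address from the thread
SERVER_IP = "192.168.1.10"   # ALPHA, from the thread
CLIENT_IP = "192.168.1.50"   # constructed LAN client
PORT = 8080

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def firewall_forward(pkt, source_nat):
    """Apply the port forward; optionally also rewrite the source (reflection)."""
    src, sport = (FW_LAN_IP, 50000) if source_nat else (pkt.src, pkt.sport)
    return Packet(src, sport, SERVER_IP, pkt.dport)

def server_reply(seen):
    """The server answers whatever source address it saw."""
    return Packet(seen.dst, seen.dport, seen.src, seen.sport)

def firewall_reverse(original):
    """Undo both translations for a reply that came back through the firewall."""
    return Packet(original.dst, original.dport, original.src, original.sport)

def connect_via_wan_ip(source_nat):
    """Return (reply as delivered to the client, whether the client accepts it)."""
    syn = Packet(CLIENT_IP, 40000, WAN_IP, PORT)
    reply = server_reply(firewall_forward(syn, source_nat))
    if reply.dst == FW_LAN_IP:   # reply goes back through the firewall's state
        reply = firewall_reverse(syn)
    # Otherwise the server is on the client's subnet and replies directly,
    # bypassing the firewall, so the source is never translated back.
    accepted = (reply.src, reply.sport) == (syn.dst, syn.dport)
    return reply, accepted

def split_dns(name, from_lan):
    """Method 2: the internal resolver answers with the private address."""
    zone = {"home.example.test": (SERVER_IP, WAN_IP)}  # constructed name
    lan_answer, public_answer = zone[name]
    return lan_answer if from_lan else public_answer

if __name__ == "__main__":
    for nat in (False, True):
        print("source NAT:", nat, connect_via_wan_ip(nat))
```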

