    None of the FWD ports work

      mavermc

      So I'm basically swapping out my Smoothwall with a pfSense (I heard the traffic shaping is awesome, I think I still need to read a ton to really understand it).

      In any case:

      http://imgur.com/34XC3

      All of this worked before (and works inside the LAN) but I'm getting nothing on the outside. I've tried the domain, then the outside IP. Not sure what I'm missing here. Maybe you guys can clue me in. It's a fresh install; all I did was change its LAN to 192.168.0.1 and the DHCP to .0.1. The .10 and .30 IPs are set manually inside each respective server, all running and accepting connections just fine. So what am I missing with pfSense to get these rules to actually work?

      Thanks for the help.

        marcelloc

        Who is golf on your rdr rule? Also, you did not associate the other two redirects with rules.

        Do your static IP servers have pfSense as gateway?

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

          mavermc

          Golf is .101. I tried setting it to DHCP to see if pfSense was ignoring packets whose destinations weren't in its DHCP table. Yes, they all have 192.168.0.1 as a gateway, that's how my whole Smoothwall system was around. They can access the internet fine and the rest of the network as expected. .10 is a WHS and all the file sharing and streaming work just fine.

          Anything I can check?

            mavermc

            Do you think setting the 2 other servers as aliases would make it work? Because each of the Windows boxes is manually configured for its respective IP, I don't ever worry about having to change them. But if that's the key I'm missing.

            I set the admin page to 441 to open up 80 (even though I have it set to https, it always seems to redirect 80, so I thought moving it would stop the redirect so I can get my web server out there).

              mavermc

              After tooling around, I think my problem lies in the LAN configuration.

              1. What should the subnet dropdown be? Right now it's 192.168.0.1 /24 (is 24 = 255.255.255.0?)

              2. Under that LAN setting there is no gateway option, should I add one?

              I've got everything on the network as .0.1, so therefore 255.255.255.0, but I feel like this port forwarding is a subnet issue. Any way to check for that?

                marcelloc

                The subnet is fine.

                Change the pfSense web GUI to https (System -> Advanced) to avoid problems with NAT on port 80.

                  mavermc

                  OK, so after I messed too much with it I decided to go back to square 1.

                  Fresh install running 192.168.1.1 with all stock settings (I changed over the NIC because 1 of the NICs seemed to be giving me a lot of delay).

                  Just working with 1 server.

                  ALPHA is on DHCP > Set the static to 192.168.1.10 in PF > Set Alias > set port forward TCP 8080 - 8081 via Alias

                  I can access it internally just fine (via 192.168.1.10:8080) but cannot access it externally via my 64...* from my ISP.

                  I double checked and made sure I applied each setting after I saved it.

                  Edit: I'll add that I know that the external connection is working fine because going to said 64...* IP routes me to the https pfSense config.

                  Any idea what I'm missing? I feel like an idiot.

                  Edit, edit: I've been messing with this all day and I can't seem to figure out how to get this basic function to work. Should I just abandon this and go back to Smoothwall or IPCop? I really liked Smoothwall's bandwidth bars that showed what IP was using the network, but I wanted a distro where I could set the usenet server (or port) to the lowest priority so it would go full speed when no one was home but back off when people start to watch YouTube and play games.

                  But I left everything default and I can't seem to get anything to connect, no matter the computer or port or service, so I'm thinking it's a pfSense problem. Could this be hardware? I did build a new box for doing pfSense (Celeron D 3.4ghz with 1.5g DDR2). Or can you point me to where I could check a log of incoming requests and see if these requests are being blocked?

                  Thank you guys so much for the help

                    mavermc

                    ::) OK, I am an idiot. Turns out the port forwarding is working fine (the guy who tested it externally didn't know what he was doing). I tested it externally and it's all working as it should, but I can't access it remotely (as in, if I go to 64...* inside the network I don't get a response). I'm sure this is a security thing, but I do a lot of my routing (for remote control and whatnot) externally for the convenience of not having to use separate settings when I'm outside of my network.

                    So what rule do I need to add so I can externally access myself?

                      marcelloc

                      Accessing a LAN server from the same LAN via the public IP will need an outbound NAT to source-NAT the LAN client IP to the firewall IP.

                      Why don't you start using dns names to avoid this problem?

                        mavermc

                        :P I'm a little confused on how DNS names would help, or where in pfSense I would even go to use them. Are you talking about manually setting up internal routes, so depending on the port it will forward the packets internally to the respective server? I'd rather just be able to access the whole of my domain and external IP from inside the LAN. I'm hoping I can do this with just one rule, but if there is a better way of doing this I'd love to hear it.

                          dhatz

                          Read http://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

                          marcelloc is suggesting to use Method 2: Split DNS

                          Note that pfsense's "NAT Reflection" doesn't work for UDP (yet).
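
The reply-path problem behind marcelloc's outbound NAT advice, as an added example that is not part of the original thread or of pfSense itself: a toy packet model showing why a LAN client that dials the WAN IP gets no usable answer when only the port forward is applied, and why source NAT to the firewall's LAN address fixes it. The WAN address 203.0.113.10, the client address 192.168.1.50 and the source port are constructed placeholders; the class and function names are hypothetical.

```python
from dataclasses import dataclass

# Constructed addresses: the thread elides the real WAN IP ("64...*"),
# so 203.0.113.10 (documentation range) stands in for it.
WAN_IP, FW_LAN_IP = "203.0.113.10", "192.168.1.1"
SERVER, CLIENT, PORT = "192.168.1.10", "192.168.1.50", 8080

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self):
        # A reply swaps source and destination.
        return Packet(self.dst, self.dport, self.src, self.sport)

class Firewall:
    """Toy model: the port forward plus optional source NAT on the LAN side."""
    def __init__(self, source_nat):
        self.source_nat = source_nat
        self.states = {}  # translated packet -> original packet

    def forward(self, pkt):
        if (pkt.dst, pkt.dport) != (WAN_IP, PORT):
            return None  # no port forward matches
        src = FW_LAN_IP if self.source_nat else pkt.src
        out = Packet(src, pkt.sport, SERVER, PORT)
        self.states[out] = pkt
        return out

    def reverse(self, reply):
        # Undo both translations for a reply that actually reaches the firewall.
        orig = self.states.get(reply.reply())
        return orig.reply() if orig else None

def lan_client_connects(source_nat):
    """Return (accepted, reply_as_seen_by_client) for a LAN client dialing WAN_IP."""
    fw = Firewall(source_nat)
    syn = Packet(CLIENT, 40000, WAN_IP, PORT)
    reply = fw.forward(syn).reply()
    # Server and client share a subnet, so the server delivers straight to
    # reply.dst; the firewall only sees the reply if it is the destination.
    if reply.dst == FW_LAN_IP:
        reply = fw.reverse(reply)
    # The client's TCP stack only accepts a reply from the address it dialed.
    return reply == syn.reply(), reply

if __name__ == "__main__":
    for mode in (False, True):
        print("source NAT" if mode else "port forward only", lan_client_connects(mode))
```

With split DNS the internal name resolves straight to 192.168.1.10, so the firewall never handles the connection and neither translation is needed.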
