    Netgate Discussion Forum

    None of the FWD ports work

    NAT
    • M
      mavermc last edited by

      So I'm basically swapping out my smoothwall with a pfsense (I heard the traffic shaping is awesome, I think I still need to read a ton to really understand it).

      in any case

      http://imgur.com/34XC3

      All of this worked before (and works inside the LAN) but I'm getting nothing on the outside. I've tried the domain, then the outside IP. Not sure what I'm missing here. Maybe you guys can clue me in. It's a fresh install, all I did was change its LAN to 192.168.0.1 and the DHCP to .0.1. The .10 and .30 IPs are manually set inside each respective server, all running and accepting connections just fine. So what am I missing with pfsense to get these rules to actually work?

      thanks for the help.

      • marcelloc
        marcelloc last edited by

        Who is golf on your rdr rule? And you did not associate the other two redirects with rules.

        Do your static IP servers have pfsense as gateway?

        • M
          mavermc last edited by

          Golf is .101. I tried setting it to DHCP to see if pfsense was ignoring packets whose destinations weren't in its DHCP table. Yes, they all have 192.168.0.1 as a gateway, that's how my whole smoothwall system was around, they can access the internet fine and the rest of the network as expected. .10 is a WHS and all the file sharing and streaming just fine.

          anything I can check?

          • M
            mavermc last edited by

            Do you think setting the 2 other servers as aliases would make it work? Because each of the Windows boxes is manually configured for its respective IP, I don't ever worry about having to change them. But if that's the key I'm missing.

            I set the admin page to 441 to open up 80 (even though I have it set to https, it always seems to redirect 80, so I thought moving it would stop the redirect so I can get my web server out there).

            • M
              mavermc last edited by

              After tooling around, I think my problem lies in the Lan configuration

              1, what should the subnet dropdown be? right now it's 192.168.0.1 /24 (is 24 = 255.255.255.0?)

              2, under that lan setting there is no gateway option, should I add one?

              I've got everything on the network as .0.1 so therefore 255.255.255.0, but I feel like this port forwarding is a subnet issue. Any way to check for that?

              • marcelloc
                marcelloc last edited by

                The subnet is fine.

                Change the pfsense web GUI to https (System -> Advanced) to avoid problems with NAT on port 80.

                • M
                  mavermc last edited by

                  OK, so after I messed too much with it I decided to go back to square 1.

                  Fresh install running 192.168.1.1 with all stock settings (I changed over the NIC because 1 of the NICs seemed to be giving me a lot of delay).

                  Just working with 1 server.

                  ALPHA is on DHCP > Set the static to 192.168.1.10 in PF > Set Alias > set port forward TCP 8080 - 8081 via Alias

                  I can access it internally just fine (via 192.168.1.10:8080) but cannot access it externally via my 64...* from my ISP.

                  I double checked and made sure I applied each setting after I saved it.

                  Edit: I'll add that I know that the external connection is working fine because going to said 64...* IP routes me to the https pfsense config.

                  Any idea what I'm missing? I feel like an idiot.

                  Edit edit: I've been messing with this all day and I can't seem to figure out how to get this basic function to work. Should I just abandon this and go back to smoothwall or IPcop? I really liked smoothwall's bandwidth bars that showed what IP was using the network, but I wanted a distro where I could set the usenet server (or port) on the lowest priority so it would go full speed when no one was home but back off when people start to watch YouTube and play games.

                  But I left everything default and I can't seem to get anything to connect, no matter the computer or port or service, So I'm thinking it's a pfsense problem, could this be hardware? I did build a new box for doing pfsense (celeron D 3.4ghz with 1.5g DDR2) Or can you point me to where I could check a log of incoming requests and see if these requests are being blocked?

                  Thank you guys so much for the help

                  • M
                    mavermc last edited by

                    ::) OK, I am an idiot. Turns out the port forwarding is working fine (the guy who tested it externally didn't know what he was doing). I tested it externally and it's all working as it should, but I can't access it remotely (as in, if I go to 64...* inside the network I don't get a response). I'm sure this is a security thing, but I do a lot of my routing (for remote control and whatnot) externally for the convenience of not having to use separate settings when I'm outside of my network.

                    So what rule do I need to add so I can externally access myself?

                    • marcelloc
                      marcelloc last edited by

                      Accessing a LAN server on the same LAN with the public IP will need an outbound NAT to source-NAT the LAN client IP to the firewall IP.

                      Why don't you start using dns names to avoid this problem?

                      • M
                        mavermc last edited by

                        :P I'm a little confused on how DNS names would help, or where in pfsense I would even go to use them. Are you talking about manually setting up internal routes, so depending on the port it will forward the packets internally to the respective server? I'd rather just be able to access the whole of my domain and external IP from inside the LAN. I'm hoping I can do this with just one rule, but if there is a better way of doing this I'd love to hear it.

                        • D
                          dhatz last edited by

                          Read http://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

                          marcelloc is suggesting to use Method 2: Split DNS

                          Note that pfsense's "NAT Reflection" doesn't work for UDP (yet).

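Added example (not written by any poster in this thread, and not pfSense code): a simplified Python model of the reply path behind the two answers above, showing why a LAN client that dials the WAN IP needs the source NAT marcelloc describes, and why the Split DNS method dhatz points to avoids the problem. The WAN address stands in for the elided "64...*"; the client addresses and all function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses: the thread elides the real WAN IP ("64...*"), so a
# documentation address stands in for it; client addresses are made up too.
WAN_IP, FW_LAN, SERVER = "203.0.113.10", "192.168.1.1", "192.168.1.10"
LAN = ip_network("192.168.1.0/24")
LAN_CLIENT, INET_CLIENT = "192.168.1.50", "198.51.100.7"


def on_lan(addr):
    return ip_address(addr) in LAN


def connect(client, target, source_nat=False):
    """Trace one request and its reply; return (accepted, reply_source)."""
    src, dst, undo = client, target, []
    if dst == WAN_IP:                        # request reaches the firewall
        undo.append(("rdr", dst))            # port forward: rewrite dst
        dst = SERVER
        if source_nat and on_lan(src):       # reflection: rewrite src too
            undo.append(("nat", src))
            src = FW_LAN
    reply_src, reply_dst = dst, src          # server answers the packet's src
    if reply_dst == FW_LAN or not on_lan(reply_dst):
        # Reply passes the firewall, which reverses its translations.
        for kind, original in reversed(undo):
            if kind == "nat":
                reply_dst = original
            else:
                reply_src = original
    # Otherwise the server delivers straight over the LAN and nothing is
    # reversed. The client only accepts a reply from the address it dialed.
    return reply_src == target and reply_dst == client, reply_src


def scenarios():
    return {
        "internet client -> WAN IP": connect(INET_CLIENT, WAN_IP),
        "LAN client -> WAN IP, redirect only": connect(LAN_CLIENT, WAN_IP),
        "LAN client -> WAN IP, redirect + source NAT":
            connect(LAN_CLIENT, WAN_IP, source_nat=True),
        "LAN client -> internal IP (split DNS answer)":
            connect(LAN_CLIENT, SERVER),
    }


if __name__ == "__main__":
    for name, (ok, seen) in scenarios().items():
        print(f"{name}: {'accepted' if ok else 'dropped'}, reply from {seen}")
```

In the redirect-only case the reply arrives from 192.168.1.10 instead of the dialed WAN address, so the client discards it; with Split DNS the firewall is never in the path.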