Netgate Discussion Forum

    Port Forwarding, not working. No FW logs.

      antonbotha

      Hi everyone,

      I have a pfSense server set up on our network (see below), and am now trying to set up port forwarding.

      
                                                SV1
                                        | ---- [===]
         ISP        RTR        PFS      |
        [===] ---- [===] ---- [===] ----|
                                        |       SV2
                                        | ---- [===]
      
      RTR = Router
            Placed in Bridge Mode
      
      PFS = pfSense Box
            PPPoE connection
            WAN (dynamic IP), used with DynDNS.
            LAN 10.0.0.200 (/24)
      
      SV1 = Server 1
            LAN 10.0.0.201
      
      SV2 = Server 2
            LAN 10.0.0.202
      

      As stated, the public IP is dynamic, thus I have set up DynDNS to update the IP and at least give me a URL to use.

      • I am able to use the DynDNS URL to get to the pfSense Web Interface

      • I am able to use the DynDNS URL to connect to the pfSense box via telnet

      • I am able to ping over WAN and LAN (PFS) to appropriate destinations

      • All local network IPs are accessible from all network machines (PFS->SV1, SV1->PFS, etc.)

      I have set up a simple NAT and FW rule to forward all incoming traffic over the WAN on port 9876 (shifted to different ports to ensure that it is not one that is blocked) to be forwarded to SV1 on port 80.

      NAT

      FW Rule

      I have tried with 'Disable NAT Reflection' checked and unchecked and setting up Routing.

      Packages running on the box: 1. bandwidthd, 2. ntop and 3. OpenVPN Client Export Utility.

      At the moment, I am not even getting anything in the logs stating the port, and I am not sure if I should look for something else. Any help/advice would be appreciated.

      Thanks

        cmb

        Follow the steps here.
        http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

          antonbotha

          @cmb:

          follow the steps here.
          http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

          1. NAT and firewall rules not correctly added (see How can I forward ports with pfSense?).

          • I have tried various ways/setups, including the information in the link there. I have checked several threads here as well regarding similar issues and have tried multiple suggested resolutions.

          2. Firewall enabled on client machine.

          • Not at all.

          3. Client machine is not using pfSense as its default gateway.

          • Client machine is using pfSense as default gateway.

          4. Client machine not actually listening on the port being forwarded.

          • Tried several machines on several ports (internally using ports works fine).

          5. ISP blocking the port being forwarded

          • Triple checked that this is not the case.

          6. Trying to test from inside your network, need to test from an outside machine.

          • Working from outside my network, tried connecting from my home as well as my smartphone.

          7. Incorrect or missing Virtual IP configuration for additional public IP addresses.

          • No additional IP address, not sure but I don't think this would apply to me.

          8. The pfSense router is not the border router. If there is something else between pfSense and your ISP, you must also replicate port forwards and associated rules there.

          • Might be wrong here, but the router is being used in Bridged mode, thus it wouldn't need to be done on the router. Also, going to the DynDNS address takes me to the pfSense Box, so my problem lies in getting past the pfSense Box to the machines on the local network.

          9. Forwarding ports to a server behind a Captive Portal. You must add an IP bypass both to and from the server's IP in order for a port forward to work behind a Captive Portal.

          • Not using Captive Portal at the moment.

          Unless I am understanding something in the documents/help incorrectly, I think I have done the NAT correctly and that the FW rules are correct as well.

          Thanks,
          Anton

            cmb

            Packet capture on WAN, see if the traffic gets there. Then on LAN, see if it leaves, and gets a response.

            1 Reply Last reply Reply Quote 0
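The two-capture check suggested in the last reply, as an added example that is not part of the thread or of pfSense itself: it reads saved `tcpdump -n` text from the WAN and LAN sides and reports where the forward for WAN port 9876 to 10.0.0.201:80 stops. The function names, verdict strings and sample lines are constructed for illustration, and `<wan_if>` / `<lan_if>` are placeholders for the real interface names.

```shell
#!/bin/sh
# Captures are taken on the pfSense box (Diagnostics > Packet Capture, or a shell):
#   tcpdump -n -i <wan_if> tcp port 9876
#   tcpdump -n -i <lan_if> host 10.0.0.201 and tcp port 80

# Count lines of capture text ($1) matching the extended regex ($2).
count_matches() {
    printf '%s\n' "$1" | grep -c -E -- "$2" || true
}

# diagnose_forward WAN_TEXT LAN_TEXT WAN_PORT SERVER_IP SERVER_PORT
diagnose_forward() {
    wan=$1 lan=$2 wport=$3 sport=$5
    sip=$(printf '%s' "$4" | sed 's/\./\\./g')   # escape dots for the regex
    # Inbound SYN to the forwarded port on WAN
    wan_syn=$(count_matches "$wan" "> [0-9.]+\.${wport}: Flags \[S]")
    # Translated SYN leaving LAN towards the server
    lan_syn=$(count_matches "$lan" "> ${sip}\.${sport}: Flags \[S]")
    # SYN-ACK coming back from the server
    lan_ack=$(count_matches "$lan" "IP ${sip}\.${sport} > .*: Flags \[S\.]")
    if [ "$wan_syn" -eq 0 ]; then
        echo "no-syn-on-wan"         # never reached pfSense: look upstream
    elif [ "$lan_syn" -eq 0 ]; then
        echo "dropped-at-pfsense"    # arrived but not forwarded: NAT/firewall rule
    elif [ "$lan_ack" -eq 0 ]; then
        echo "no-reply-from-server"  # forwarded, server silent: listener, host firewall, gateway
    else
        echo "server-replied"        # forward works as far as the server's SYN-ACK
    fi
}

# Constructed sample captures (tcpdump -n text format, documentation addresses).
WAN_OK='12:00:01.000001 IP 203.0.113.5.51000 > 198.51.100.7.9876: Flags [S], seq 1, win 65535, length 0
12:00:04.000001 IP 203.0.113.5.51000 > 198.51.100.7.9876: Flags [S], seq 1, win 65535, length 0'
LAN_NOREPLY='12:00:01.000090 IP 203.0.113.5.51000 > 10.0.0.201.80: Flags [S], seq 1, win 65535, length 0'
LAN_REPLY="$LAN_NOREPLY
12:00:01.000400 IP 10.0.0.201.80 > 203.0.113.5.51000: Flags [S.], seq 9, ack 2, win 65535, length 0"

# SYN retransmits on WAN while the LAN capture stays empty.
diagnose_forward "$WAN_OK" "" 9876 10.0.0.201 80
```

An empty WAN capture during an outside test also accounts for the absence of firewall log entries for the port, since nothing reached the rule set to be logged.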