Port Forwarding, not working. No FW logs.

  • Hi everyone,

    I have a pfSense server set up on our network (see below), and am now trying to set up port forwarding.

                                              SV1
                                      | ---- [===]
       ISP        RTR        PFS      |
      [===] ---- [===] ---- [===] ----|
                                      |       SV2
                                      | ---- [===]
    RTR = Router
          Placed in Bridge Mode
    PFS = pfSense Box
          PPPoE connection
          WAN (dynamic IP), used with DynDNS.
          LAN (/24)
    SV1 = Server 1
    SV2 = Server 2

    As stated, the public IP is dynamic, thus I have set up DynDNS to update the IP and at least give me a URL to use.

    • I am able to use the DynDNS url to get to the pfSense Web Interface

    • I am able to use the DynDNS url to connect to the pfSense box via telnet

    • I am able to ping over WAN and LAN (PFS) to appropriate destinations

    • All local network IPs are accessible from all network machines (PFS->SV1, SV1->PFS, etc.)

    I have set up a simple NAT and FW rule to forward all incoming traffic over the WAN on port 9876 (shifted to different ports to ensure that it is not one that is blocked) to SV1 on port 80.


    FW Rule

    I have tried with 'Disable NAT Reflection' checked and unchecked and setting up Routing.

    Packages running on the box: 1. bandwidthd, 2. ntop and 3. OpenVPN Client Export Utility.

    At the moment, I am not even getting anything in the logs stating the port, and I am not sure if I should look for something else. Any help/advice would be appreciated.


  • @cmb:

    follow the steps here.

    1. NAT and firewall rules not correctly added (see How can I forward ports with pfSense?).

    • I have tried various ways/setups, including the information in the link there. I have checked several threads here as well regarding similar issues and have tried multiple suggested resolutions.

    2. Firewall enabled on client machine.

    • Not at all.

    3. Client machine is not using pfSense as its default gateway.

    • Client machine is using pfSense as default gateway.

    4. Client machine not actually listening on the port being forwarded.

    • Tried several machines on several ports (internally using ports works fine).

    5. ISP blocking the port being forwarded

    • Triple checked that this is not the case.

    6. Trying to test from inside your network, need to test from an outside machine.

    • Working from outside my network, tried connecting from my home as well as my smartphone.

    7. Incorrect or missing Virtual IP configuration for additional public IP addresses.

    • No additional IP address, not sure but I don't think this would apply to me.

    8. The pfSense router is not the border router. If there is something else between pfSense and your ISP, you must also replicate port forwards and associated rules there.

    • Might be wrong here, but the router is being used in Bridged mode, thus it wouldn't need to be done on the router. Also, going to the DynDNS address takes me to the pfSense Box, so my problem lies in getting past the pfSense Box to the machines on the local network.

    9. Forwarding ports to a server behind a Captive Portal. You must add an IP bypass both to and from the server's IP in order for a port forward to work behind a Captive Portal.

    • Not using Captive Portal at the moment.

    Unless I am understanding something in the documents/help incorrectly, I think I have done the NAT correctly and that the FW rules are correct as well.


  • Packet capture on WAN, see if the traffic gets there. Then on LAN, see if it leaves, and gets a response.

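The capture-on-both-sides check suggested in the last reply, as an added example that is not part of the original thread: it reads `tcpdump -n` text from the WAN and LAN interfaces and reports where the forwarded connection stops. The sample lines are constructed, the addresses are documentation ranges, SV1's address (192.168.1.10) is an assumption, and the result names are hypothetical labels.

```python
import re

# Matches tcpdump -n TCP lines: "IP src.sport > dst.dport: Flags [S], ..."
PKT = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def parse(lines):
    """Return (src, sport, dst, dport, flags) for every TCP line that parses."""
    out = []
    for line in lines:
        m = PKT.search(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            out.append((src, int(sport), dst, int(dport), flags))
    return out

def diagnose(wan_lines, lan_lines, wan_port, server_ip, server_port):
    """Locate where a forwarded connection stops, from the two captures."""
    wan, lan = parse(wan_lines), parse(lan_lines)
    wan_syn = any(p[3] == wan_port and p[4] == "S" for p in wan)
    lan_syn = any(p[2] == server_ip and p[3] == server_port and p[4] == "S" for p in lan)
    replies = [p[4] for p in lan if p[0] == server_ip and p[1] == server_port]
    if not wan_syn:
        return "nothing-on-wan"      # traffic never reaches pfSense: look upstream
    if not lan_syn:
        return "not-forwarded"       # arrives on WAN, not sent to LAN: NAT or rule
    if not replies:
        return "no-reply"            # server silent: host firewall, gateway, listener
    if any(f.startswith("R") for f in replies):
        return "refused"             # server sent RST: nothing listening on the port
    wan_synack = any(p[1] == wan_port and p[4] == "S." for p in wan)
    return "ok" if wan_synack else "reply-lost"

# Constructed sample captures (documentation addresses; SV1 assumed at 192.168.1.10).
WAN_CAPTURE = [
    "12:00:01.000000 IP 198.51.100.7.51000 > 203.0.113.10.9876: Flags [S], seq 1, win 65535, length 0",
    "12:00:02.000000 IP 198.51.100.7.51000 > 203.0.113.10.9876: Flags [S], seq 1, win 65535, length 0",
]
LAN_CAPTURE = []  # nothing left the LAN interface toward SV1

if __name__ == "__main__":
    print(diagnose(WAN_CAPTURE, LAN_CAPTURE, 9876, "192.168.1.10", 80))
```

With the constructed captures above, the SYN reaches the WAN side but never appears on the LAN side, which points at the NAT port forward or its associated WAN rule rather than at the server.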