Yet Another Portforwarding Trouble



  • Hi all!

    I'm using 1.2-BETA1 to do the basic operation to access from wan to my ftp and ssh servers in my lan
    There's a vsftpd server up and running and ssh access (both tested from lan if) with ip 192.168.1.198

    I create a rule in Firewall->Nat->port forwarding

    Interface: WAN
    External address: Interface address
    Protocol: TCP
    External port range: from SSH  to other
    NAT IP: 192.168.1.198 
    Local port: SSH
    Auto-add a firewall rule to permit traffic through this NAT rule checked

    But I can't access to the server from external net (internet)

    Could you help me please?
    Thak You very much





  • @cmb:

    Follow this.
    http://wiki.pfsense.com/wikka.php?wakka=PortForwardTroubleShooting

    Exactly the one I followed  :'(



  • @Obscure:

    @cmb:

    Follow this.
    http://wiki.pfsense.com/wikka.php?wakka=PortForwardTroubleShooting

    Exactly the one I followed  :'(

    Well, then post some details of the specific things you found while following that. The firewall rule logging changes, what happened with those?



  • So, I configured the Nat->Portfwd as in my first post. I think is a correct cfg! (is it?)

    PfSense add the rule ino firewall set

    That's all!
    I also looked into Status->System Logs->Firewall but no ssh or ftp connections are blocked



  • Three things that come to mind:

    1. Make sure that the gateway on the computer running the SSH server matches up with your pfsense and to be sure it isn't using anothre device as its gateway

    2. Delete the two rules pertaining to the SSH allow rule, then go and create a new rule again from the NAT port-forward page and see if it works this time around.

    3. Just to be extra sure, verify that you can log onto the SSH server from a computer within your LAN to be sure SSH is running.

    Good luck! :)



  • @razor2000:

    1. Make sure that the gateway on the computer running the SSH server matches up with your pfsense and to be sure it isn't using anothre device as its gateway

    Checked! PfSense is the default gw for the server machine  (goes on the web also)

    1. Delete the two rules pertaining to the SSH allow rule, then go and create a new rule again from the NAT port-forward page and see if it works this time around.

    Did it. No change! SSH still unreachable from internet

    1. Just to be extra sure, verify that you can log onto the SSH server from a computer within your LAN to be sure SSH is running.

    Yes they works perfectly. SSH and ftp can be used from lan pc

    Really do't know! Forwarding should be a simple operation…
    :'( :'( :'(



  • In your screen shot it shows Ext: with no ip address.  It should show the IP address of the external interface.



  • @sullrich:

    In your screen shot it shows Ext: with no ip address.  It should show the IP address of the external interface.

    The WAN interface is running PPPOE for adsl connection
    Settings in Nat->PFwd are:

    Interface: WAN
    External address: Interface address

    I also changed WAN to PPPOE but no ip address on ext if field :o



  • Another item that came to mind is that are you sure the ports are open for you to be begin with?  If you go to your Firewall system log, are there entries for the default blocked items from outside machines trying to hit your connection?  Also, if you go to your Rules section, enable the loggin feature so connection attempts will get logged and see what happens.

    As a last resort, do you have another router you could try to verify you can get inbound access (not that I hold anything against pfsense not letting you open up ports).

    Let us know…



  • @razor2000:

    Another item that came to mind is that are you sure the ports are open for you to be begin with?  If you go to your Firewall system log, are there entries for the default blocked items from outside machines trying to hit your connection?  Also, if you go to your Rules section, enable the loggin feature so connection attempts will get logged and see what happens.

    I added the log to all the rules in my ruleset (just 2, as shown in a post above) but seems to me that no blocked connections are there…
    I'm also have the trouble with eMule. Forwarded ports 4672 and 4662 both TCP/UDP from WAN if to ip of my computer (same ports)! doesn't work and I'm still having LowId :(

    My network is:

    ADSL MODEM
      |
      | wan
      |
    PfSENSE
      |
      | lan
      |
    switch

    As a last resort, do you have another router you could try to verify you can get inbound access (not that I hold anything against pfsense not letting you open up ports).

    Unfortunatelly no :(



  • Still have the problem  >:(
    Portforward doesn't work

    doesn't work for eMule also! I fwd port from 4000 to 5000 both tcp/udp from WAN if to Lan ip of my pc
    Still low ID

    Really don't know why!!



  • Search the forum for "static-port".


Log in to reply