Yet Another Portforwarding Trouble

Obscure

Hi all!

I'm using 1.2-BETA1 to do the basic operation to access from wan to my ftp and ssh servers in my lan
There's a vsftpd server up and running and ssh access (both tested from lan if) with ip 192.168.1.198

I create a rule in Firewall->Nat->port forwarding

Interface: WAN
External address: Interface address
Protocol: TCP
External port range: from SSH  to other
NAT IP: 192.168.1.198 
Local port: SSH
Auto-add a firewall rule to permit traffic through this NAT rule checked

But I can't access to the server from external net (internet)

Could you help me please?
Thak You very much

cmb

Follow this.
http://wiki.pfsense.com/wikka.php?wakka=PortForwardTroubleShooting

Obscure

@cmb:

Follow this.
http://wiki.pfsense.com/wikka.php?wakka=PortForwardTroubleShooting

Exactly the one I followed  :'(

cmb

@Obscure:

@cmb:

Follow this.
http://wiki.pfsense.com/wikka.php?wakka=PortForwardTroubleShooting

Exactly the one I followed  :'(

Well, then post some details of the specific things you found while following that. The firewall rule logging changes, what happened with those?

Obscure

So, I configured the Nat->Portfwd as in my first post. I think is a correct cfg! (is it?)

PfSense add the rule ino firewall set

That's all!
I also looked into Status->System Logs->Firewall but no ssh or ftp connections are blocked

razor2000

Three things that come to mind:

1. Make sure that the gateway on the computer running the SSH server matches up with your pfsense and to be sure it isn't using anothre device as its gateway

2. Delete the two rules pertaining to the SSH allow rule, then go and create a new rule again from the NAT port-forward page and see if it works this time around.

3. Just to be extra sure, verify that you can log onto the SSH server from a computer within your LAN to be sure SSH is running.

Good luck! :)

Obscure

@razor2000:

1. Make sure that the gateway on the computer running the SSH server matches up with your pfsense and to be sure it isn't using anothre device as its gateway

Checked! PfSense is the default gw for the server machine  (goes on the web also)

2. Delete the two rules pertaining to the SSH allow rule, then go and create a new rule again from the NAT port-forward page and see if it works this time around.

Did it. No change! SSH still unreachable from internet

3. Just to be extra sure, verify that you can log onto the SSH server from a computer within your LAN to be sure SSH is running.

Yes they works perfectly. SSH and ftp can be used from lan pc

Really do't know! Forwarding should be a simple operation…
:'( :'( :'(

sullrich

In your screen shot it shows Ext: with no ip address.  It should show the IP address of the external interface.

Obscure

@sullrich:

In your screen shot it shows Ext: with no ip address.  It should show the IP address of the external interface.

The WAN interface is running PPPOE for adsl connection
Settings in Nat->PFwd are:

Interface: WAN
External address: Interface address

I also changed WAN to PPPOE but no ip address on ext if field :o

razor2000

Another item that came to mind is that are you sure the ports are open for you to be begin with?  If you go to your Firewall system log, are there entries for the default blocked items from outside machines trying to hit your connection?  Also, if you go to your Rules section, enable the loggin feature so connection attempts will get logged and see what happens.

As a last resort, do you have another router you could try to verify you can get inbound access (not that I hold anything against pfsense not letting you open up ports).

Let us know…

Obscure

@razor2000:

Another item that came to mind is that are you sure the ports are open for you to be begin with?  If you go to your Firewall system log, are there entries for the default blocked items from outside machines trying to hit your connection?  Also, if you go to your Rules section, enable the loggin feature so connection attempts will get logged and see what happens.

I added the log to all the rules in my ruleset (just 2, as shown in a post above) but seems to me that no blocked connections are there…
I'm also have the trouble with eMule. Forwarded ports 4672 and 4662 both TCP/UDP from WAN if to ip of my computer (same ports)! doesn't work and I'm still having LowId :(

My network is:

ADSL MODEM
  |
  | wan
  |
PfSENSE
  |
  | lan
  |
switch

As a last resort, do you have another router you could try to verify you can get inbound access (not that I hold anything against pfsense not letting you open up ports).

Unfortunatelly no :(

Obscure

Still have the problem  >:(
Portforward doesn't work

doesn't work for eMule also! I fwd port from 4000 to 5000 both tcp/udp from WAN if to Lan ip of my pc
Still low ID

Really don't know why!!

sullrich

Search the forum for "static-port".