Port forwarding question.

Jesse7 · Nov 8, 2005, 10:47 AM

Jesse,

If I'm reading correctly:
PFSense: 192.168.1.3
DSL Router's Internal IP: 192.168.1.2

Setting a DMZ IP on your DSL modem is going to cause ANY port coming from the internet to be automatically forwarded to whatever IP you specify in the setting. With this being the case, set that IP to your PFSense box (192.168.1.3). This will cause PFSense to handle ALL your firewall/port forwarding. In PFSense, add a NAT entry in the WAN section from UDP any host, any port to the IP of the teamspeak box (behind the PFSense firewall/router) - UDP, port 8767. You will also need to check the box to add a firewall entry as well to allow the port through PFSense.

This will cause a Teamspeak request coming from the internet to hit your DSL modem, your DSL modem will automatically forward that port on to the DMZ host which is your PFSense box. Your PFSense box will then forward that port to your internal teamspeak box.

Hope this helps!
-Josh

I set the DMZ option on my router. Is there some way I can check its working? (route table or something?).

After getting home I am a little bit confused, as the setup is a little different than you discribed josh but I think i could follow what you ment. Under firewall >Nat I can setup inbound, 1:1 and outbound. Obviously I want an inbound rule.

I can't set ports to any there is just no option for it.

Here are my options:
Interface: I chose WAN.
External address: I don't understand this so I just left it as interface address, initially but after reading the discription again and again I think it means if I want to redirect to the LAN select ANY. So I tried this on ANY.

Protocol: i chose UDP
External port range: I can't choose any here? Or can I? I input port 8767 I tried entering nothing but got an error.
NAT IP: 192.168.0.197 (the ip of the pc hosting teamspeak).
Local port: Again can't choose any. But here I am pretty sure I definatly need to put 8767.

Then I saved with the tick to enable the firewall rule also. And then I put I log on the firewall rule.

Still no go, can someone confirm I can access my from within my own lan using the NAT rules? as the note is worrying me that I can't test it myself and I am just wasting my time.

Also getting no logs under System logs/firewall to do with this rule.

hoba · Nov 11, 2005, 6:07 PM

You have a tab labeled "inbound "? What version are you running? This was renamed several versions ago to "port forward", so I assume you are running a quite old version? Check under status>system in the webgui. Also note that you can't test your nat from inside your lan (see this thread http://forum.pfsense.org/index.php?topic=66.0 ).

Ath the "port forward" or "inbound" tab the rule you have to create looks like this(just listing settings):

WAN
interface adress
udp
8767
8767
192.168.0.197
8767
description
[x]

Ask someone to test your teamspeak from the outside. Other option would be to test with a client in front of your pfSense from inside you Gatewayrouters LAN. If it works from this client in front of your pfsenses wan and not from somebody coming from the internet, your pfSense config is fine and you have to check your gatewayrouter again.

If it doesn't even work from a client at pfSense's WAN something with your configuration is wrong.

If it works even from the internet be happy ;-)

Jesse7 · Nov 11, 2005, 9:56 PM

@hoba:

You have a tab labeled "inbound "? What version are you running? This was renamed several versions ago to "port forward", so I assume you are running a quite old version? Check under status>system in the webgui. Also note that you can't test your nat from inside your lan (see this thread http://forum.pfsense.org/index.php?topic=66.0 ).

Ath the "port forward" or "inbound" tab the rule you have to create looks like this(just listing settings):

WAN
interface adress
udp
8767
8767
192.168.0.197
8767
description
[x]

Ask someone to test your teamspeak from the outside. Other option would be to test with a client in front of your pfSense from inside you Gatewayrouters LAN. If it works from this client in front of your pfsenses wan and not from somebody coming from the internet, your pfSense config is fine and you have to check your gatewayrouter again.

If it doesn't even work from a client at pfSense's WAN something with your configuration is wrong.

If it works even from the internet be happy ;-)

I am running .90 which is the latest version? I didn't install .92 because I can't find anywhere that says it is official after it got taken down because of the DHCP problems or whatever?

So yeh you are right it says port forward :).

Thanks hoba I guess I know how to check it now anyways. My port forwarding rules are now working for other programs anyway like Edonkey. After seting up two port forward rules it went from unreachable to reachable, so it is working. Thanks for showing me the DMZ setting so I don't have to setup two lots of rules! :).

hoba · Nov 11, 2005, 11:01 PM

nice you got it working :D

agismaniax · Mar 1, 2006, 6:53 AM

I'm still confuse about Firewall > NAT > Port Forwarding and Firewall > Rules >WAN.
I want to make incoming connection from my WAN to LAN.

For example, I want to give acess to FTP service.
I have setting like this in Firewall > Rules > WAN:
Proto: TCP/UDP
Source: *
Port: *
Destination: WAN address
Gateway: *
Description: WAN to LAN (FTP)

In my Firewall > NAT > Port Forwarding:
If: WAN
Proto: TCP/UDP
Ext. Port Range: 21 (FTP)
NAT IP: 172.16.4.4
Int. Port Range: 21 (FTP)
Description: WAN to LAN (FTP)

Why is it not working at all?

duck7207 · Mar 1, 2006, 1:54 PM

@agismaniax:

I'm still confuse about Firewall > NAT > Port Forwarding and Firewall > Rules >WAN.
I want to make incoming connection from my WAN to LAN.

For example, I want to give acess to FTP service.
I have setting like this in Firewall > Rules > WAN:
Proto: TCP/UDP
Source: *
Port: *
Destination: WAN address
Gateway: *
Description: WAN to LAN (FTP)

In my Firewall > NAT > Port Forwarding:
If: WAN
Proto: TCP/UDP
Ext. Port Range: 21 (FTP)
NAT IP: 172.16.4.4
Int. Port Range: 21 (FTP)
Description: WAN to LAN (FTP)

Why is it not working at all?

the correct rules is for ftp anyways:
in nat/port forward:
(when making a rule in nat/port forward make sure this is enabled: Auto-add a firewall rule to permit traffic through this NAT rule, then you dont have to make a rule in the rules option for it is created by it self)

if=WAN
proto=TCP
Ext. port range=21 (FTP)
NAT IP=192.168.0.210
Int. port range=21 (FTP)
Desc=ftp server

in rules/wan

proto=TCP
source=*
port=*
destination=192.168.0.210
port=21 (FTP)
gateway=*
desc=NAT ftp server

and eveyrone that is connectiong to must write my ipadress/dyndns:21 <<–-- must write the port to,

this is working for me anyway.

Jesse7 · Mar 2, 2006, 12:01 AM

@agismaniax:

I'm still confuse about Firewall > NAT > Port Forwarding and Firewall > Rules >WAN.
I want to make incoming connection from my WAN to LAN.

For example, I want to give acess to FTP service.
I have setting like this in Firewall > Rules > WAN:
Proto: TCP/UDP
Source: *
Port: *
Destination: WAN address
Gateway: *
Description: WAN to LAN (FTP)

In my Firewall > NAT > Port Forwarding:
If: WAN
Proto: TCP/UDP
Ext. Port Range: 21 (FTP)
NAT IP: 172.16.4.4
Int. Port Range: 21 (FTP)
Description: WAN to LAN (FTP)

Why is it not working at all?

Don't create your firewall rule manually. When you create your port forward tick the box at the bottom like the poster below said and it will make the rule for you automatically.

I'm no expert but to me it looks like you made the firewall rule incorrectly. Instead of Destination: Wan address. It should be the LAN address.

Use the auto make firewall rule to see where you went wrong.

If your problem is still not fixed there is something called FTP helper I'm not familair with this setting but do a search maybe it can help you too.

Jesse7 · Mar 2, 2006, 12:03 AM

This is an oldish thread. When I made it the colour coded posts were not enabled. I initially clicked thanks solved when coming back to this thread today. But then it locked the thread? So no further discussion could be had so I changed it back to "didn't help" even though it did so the thread can keep going.

agismaniax · Mar 2, 2006, 2:36 AM

@duck7207:

the correct rules is for ftp anyways:
in nat/port forward:
(when making a rule in nat/port forward make sure this is enabled: Auto-add a firewall rule to permit traffic through this NAT rule, then you dont have to make a rule in the rules option for it is created by it self)

if=WAN
proto=TCP
Ext. port range=21 (FTP)
NAT IP=192.168.0.210
Int. port range=21 (FTP)
Desc=ftp server

in rules/wan

proto=TCP
source=*
port=*
destination=192.168.0.210
port=21 (FTP)
gateway=*
desc=NAT ftp server

and eveyrone that is connectiong to must write my ipadress/dyndns:21 <<–-- must write the port to,

this is working for me anyway.

i follow your guide but still won't work.
Btw. my pfsense machine have 4 WAN(s) and 1 LAN.
my first WAN is 203.77.230.xx, my second WAN is 202.169.57.xx, my third WAN is 202.159.10.xx, my forth WAN is available and my LAN is 172.16.4.x
how to make a working port forwarding to internal network with multiple WANs? ??? ??? ???

dot_desig · Apr 16, 2007, 6:54 PM

I'm having the same problem, or similar…
I suppose that all is well configured NAT and Rules, but Trafic on port 21 does not pass.

Connected with ftp.****.net. Waiting for welcome message...

And it stops there.
All other services are running perfectly only FTP is fails.

Log shows
pftpx[527]: #9 server timeout

The server works fine inside lan

cmb · Apr 18, 2007, 1:36 AM

Try a recent snapshot, FTP should work out of the box now. seems to fix all the problems people were having.
http://snapshots.pfsense.com/FreeBSD6/RELENG_1/