• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Port forwarding question.

Scheduled Pinned Locked Moved NAT
17 Posts 7 Posters 12.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    Jesse7
    last edited by Nov 8, 2005, 10:47 AM

    @josh:

    Jesse,

    If I'm reading correctly:
    PFSense: 192.168.1.3
    DSL Router's Internal IP: 192.168.1.2

    Setting a DMZ IP on your DSL modem is going to cause ANY port coming from the internet to be automatically forwarded to whatever IP you specify in the setting. With this being the case, set that IP to your PFSense box (192.168.1.3). This will cause PFSense to handle ALL your firewall/port forwarding. In PFSense, add a NAT entry in the WAN section from UDP any host, any port to the IP of the teamspeak box (behind the PFSense firewall/router) - UDP, port 8767. You will also need to check the box to add a firewall entry as well to allow the port through PFSense.

    This will cause a Teamspeak request coming from the internet to hit your DSL modem, your DSL modem will automatically forward that port on to the DMZ host which is your PFSense box. Your PFSense box will then forward that port to your internal teamspeak box.

    Hope this helps!
    -Josh

    I set the DMZ option on my router.  Is there some way I can check its working? (route table or something?).

    After getting home I am a little bit confused, as the setup is a little different than you discribed josh but I think i could follow what you ment.  Under firewall >Nat I can setup inbound, 1:1 and outbound.  Obviously I want an inbound rule.

    I can't set ports to any there is just no option for it.

    Here are my options:
    Interface:  I chose WAN.
    External address:  I don't understand this so I just left it as interface address, initially but after reading the discription again and again I think it means if I want to redirect to the LAN select ANY.  So I tried this on ANY.

    Protocol: i chose UDP
    External port range:  I can't choose any here?  Or can I?  I input port 8767  I tried entering nothing but got an error.
    NAT IP: 192.168.0.197 (the ip of the pc hosting teamspeak).
    Local port:  Again can't choose any.  But here I am pretty sure I definatly need to put 8767.

    Then I saved with the tick to enable the firewall rule also.  And then I put I log on the firewall rule.

    Still no go,  can someone confirm I can access my from within my own lan using the NAT rules?  as the note is worrying me that I can't test it myself and I am just wasting my time.

    Also getting no logs under System logs/firewall to do with this rule.

    1 Reply Last reply Reply Quote 0
    • H
      hoba
      last edited by Nov 11, 2005, 6:07 PM

      You have a tab labeled  "inbound "? What version are you running? This was renamed several versions ago to "port forward", so I assume you are running a quite old version? Check under status>system in the webgui. Also note that you can't test your nat from inside your lan (see this thread http://forum.pfsense.org/index.php?topic=66.0 ).

      Ath the "port forward" or "inbound" tab the rule you have to create looks like this(just listing settings):

      WAN
      interface adress
      udp
      8767
      8767
      192.168.0.197
      8767
      description
      [x]

      Ask someone to test your teamspeak from the outside. Other option would be to test with a client in front of your pfSense from inside you Gatewayrouters LAN. If it works from this client in front of your pfsenses wan and not from somebody coming from the internet, your pfSense config is fine and you have to check your gatewayrouter again.

      If it doesn't even work from a client at pfSense's WAN something with your configuration is wrong.

      If it works even from the internet be happy ;-)

      1 Reply Last reply Reply Quote 0
      • J
        Jesse7
        last edited by Nov 11, 2005, 9:56 PM

        @hoba:

        You have a tab labeled  "inbound "? What version are you running? This was renamed several versions ago to "port forward", so I assume you are running a quite old version? Check under status>system in the webgui. Also note that you can't test your nat from inside your lan (see this thread http://forum.pfsense.org/index.php?topic=66.0 ).

        Ath the "port forward" or "inbound" tab the rule you have to create looks like this(just listing settings):

        WAN
        interface adress
        udp
        8767
        8767
        192.168.0.197
        8767
        description
        [x]

        Ask someone to test your teamspeak from the outside. Other option would be to test with a client in front of your pfSense from inside you Gatewayrouters LAN. If it works from this client in front of your pfsenses wan and not from somebody coming from the internet, your pfSense config is fine and you have to check your gatewayrouter again.

        If it doesn't even work from a client at pfSense's WAN something with your configuration is wrong.

        If it works even from the internet be happy ;-)

        I am running .90  which is the latest version?  I didn't install .92 because I can't find anywhere that says it is official after it got taken down because of the DHCP problems or whatever?

        So yeh you are right it says port forward :).

        Thanks hoba I guess I know how to check it now anyways.  My port forwarding rules are now working for other programs anyway like Edonkey.  After seting up two port forward rules it went from unreachable to reachable,  so it is working.  Thanks for showing me the DMZ setting so I don't have to setup two lots of rules! :).

        1 Reply Last reply Reply Quote 0
        • H
          hoba
          last edited by Nov 11, 2005, 11:01 PM

          nice you got it working  :D

          1 Reply Last reply Reply Quote 0
          • A
            agismaniax
            last edited by Mar 1, 2006, 6:53 AM

            I'm still confuse about Firewall > NAT > Port Forwarding and Firewall > Rules >WAN.
            I want to make incoming connection from my WAN to LAN.

            For example, I want to give acess to FTP service.
            I have setting like this in Firewall > Rules > WAN:
            Proto: TCP/UDP
            Source: *
            Port: *
            Destination: WAN address
            Gateway: *
            Description: WAN to LAN (FTP)

            In my Firewall > NAT > Port Forwarding:
            If: WAN
            Proto: TCP/UDP
            Ext. Port Range: 21 (FTP)
            NAT IP: 172.16.4.4
            Int. Port Range: 21 (FTP)
            Description: WAN to LAN (FTP)

            Why is it not working at all?

            1 Reply Last reply Reply Quote 0
            • D
              duck7207
              last edited by Mar 1, 2006, 1:54 PM

              @agismaniax:

              I'm still confuse about Firewall > NAT > Port Forwarding and Firewall > Rules >WAN.
              I want to make incoming connection from my WAN to LAN.

              For example, I want to give acess to FTP service.
              I have setting like this in Firewall > Rules > WAN:
              Proto: TCP/UDP
              Source: *
              Port: *
              Destination: WAN address
              Gateway: *
              Description: WAN to LAN (FTP)

              In my Firewall > NAT > Port Forwarding:
              If: WAN
              Proto: TCP/UDP
              Ext. Port Range: 21 (FTP)
              NAT IP: 172.16.4.4
              Int. Port Range: 21 (FTP)
              Description: WAN to LAN (FTP)

              Why is it not working at all?

              the correct rules is for ftp anyways:
              in nat/port forward:
              (when making a rule in nat/port forward make sure this is enabled: Auto-add a firewall rule to permit traffic through this NAT rule, then you dont have to make a rule in the rules option for it is created by it self)

              if=WAN
              proto=TCP
              Ext. port range=21 (FTP) 
              NAT IP=192.168.0.210
              Int. port range=21 (FTP)
              Desc=ftp server

              in rules/wan

              proto=TCP
              source=*
              port=*
              destination=192.168.0.210
              port=21 (FTP)
              gateway=*
              desc=NAT ftp server

              and eveyrone that is connectiong to must write my ipadress/dyndns:21 <<–-- must write the port to,

              this is working for me anyway.

              1 Reply Last reply Reply Quote 0
              • J
                Jesse7
                last edited by Mar 2, 2006, 12:01 AM

                @agismaniax:

                I'm still confuse about Firewall > NAT > Port Forwarding and Firewall > Rules >WAN.
                I want to make incoming connection from my WAN to LAN.

                For example, I want to give acess to FTP service.
                I have setting like this in Firewall > Rules > WAN:
                Proto: TCP/UDP
                Source: *
                Port: *
                Destination: WAN address
                Gateway: *
                Description: WAN to LAN (FTP)

                In my Firewall > NAT > Port Forwarding:
                If: WAN
                Proto: TCP/UDP
                Ext. Port Range: 21 (FTP)
                NAT IP: 172.16.4.4
                Int. Port Range: 21 (FTP)
                Description: WAN to LAN (FTP)

                Why is it not working at all?

                Don't create your firewall rule manually.  When you create your port forward tick the box at the bottom like the poster below said and it will make the rule for you automatically.

                I'm no expert but to me it looks like you made the firewall rule incorrectly.  Instead of Destination:  Wan address.  It should be the LAN address.

                Use the auto make firewall rule to see where you went wrong.

                If your problem is still not fixed there is something called FTP helper I'm not familair with this setting but do a search maybe it can help you too.

                1 Reply Last reply Reply Quote 0
                • J
                  Jesse7
                  last edited by Mar 2, 2006, 12:03 AM

                  This is an oldish thread.  When I made it the colour coded posts were not enabled.  I initially clicked thanks solved when coming back to this thread today.  But then it locked the thread?  So no further discussion could be had so I changed it back to "didn't help" even though it did so the thread can keep going.

                  1 Reply Last reply Reply Quote 0
                  • A
                    agismaniax
                    last edited by Mar 2, 2006, 2:36 AM

                    @duck7207:

                    the correct rules is for ftp anyways:
                    in nat/port forward:
                    (when making a rule in nat/port forward make sure this is enabled: Auto-add a firewall rule to permit traffic through this NAT rule, then you dont have to make a rule in the rules option for it is created by it self)

                    if=WAN
                    proto=TCP
                    Ext. port range=21 (FTP) 
                    NAT IP=192.168.0.210
                    Int. port range=21 (FTP)
                    Desc=ftp server

                    in rules/wan

                    proto=TCP
                    source=*
                    port=*
                    destination=192.168.0.210
                    port=21 (FTP)
                    gateway=*
                    desc=NAT ftp server

                    and eveyrone that is connectiong to must write my ipadress/dyndns:21 <<–-- must write the port to,

                    this is working for me anyway.

                    i follow your guide but still won't work.
                    Btw. my pfsense machine have 4 WAN(s) and 1 LAN.
                    my first WAN is 203.77.230.xx, my second WAN is 202.169.57.xx, my third WAN is 202.159.10.xx, my forth WAN is available and my LAN is 172.16.4.x
                    how to make a working port forwarding to internal network with multiple WANs?  ???  ???  ???

                    1 Reply Last reply Reply Quote 0
                    • D
                      dot_desig
                      last edited by Apr 16, 2007, 6:54 PM Apr 16, 2007, 6:27 PM

                      I'm having the same problem, or similar…
                      I suppose that all is well configured NAT and Rules, but Trafic on port 21 does not pass.

                      Connected with ftp.****.net. Waiting for welcome message...

                      And it stops there.
                      All other services are running perfectly only FTP is fails.

                      Log shows
                      pftpx[527]: #9 server timeout

                      The server works fine inside lan

                      1 Reply Last reply Reply Quote 0
                      • C
                        cmb
                        last edited by Apr 18, 2007, 1:36 AM

                        Try a recent snapshot, FTP should work out of the box now. seems to fix all the problems people were having.
                        http://snapshots.pfsense.com/FreeBSD6/RELENG_1/

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                          This community forum collects and processes your personal information.
                          consent.not_received