Port forwarding problems
-
These are my very simple port forwarding rules and firewall rules in pfsense:
So there are, all in all, 9 entries that SHOULD work as set. Let's name these entries entry1 to entry9. For each entry, this is a brief description of their redirection IP/ports and the problems I'm encountering:
entry1 - pfsense webgui; no problems in accessing from outside this network
entry2 - WAN2 modem webgui; no problems in accessing from outside this network
entry3 - WAN3 modem webgui; CANNOT ACCESS from outside this network
entry4 - webgui of wifi router (set to switch mode) connected to LAN side of pfsense; CANNOT ACCESS from outside this network
entry5 - webgui of router (set to router mode) connected in between pfsense and WAN3 modem; CANNOT ACCESS from outside this network
entry6 - N8800 media server webgui; no problems in accessing from outside this network
entry7 - N8800 webdisk webgui; no problems in accessing from outside this network
entry8 - Kevin's Laptop sabnzbd webgui; CANNOT ACCESS from outside this network
entry9 - Alvin's Desktop sabnzbd webgui; CANNOT ACCESS from outside this networkBy the way, I have two WAN interfaces and one LAN interface. The two WANs are named WAN2 and WAN3 while the LAN is named LAN. All the IPs I've explained above are accessible from the LAN side and I have no problems with that. But from outside this network (from another computer connected to another ISP), why can't I access entry3, 4, 5, 8, and 9? I'm out of ideas now because as I understand port forwarding these rules are correct. But of course there is obviously something wrong here. Can you guys help me?
Thank you very much :)
-
BUMP! Anybody?
-
Source port?
-
Source port?
What do you mean? Do you mean I should specify the source ports for each Firewall rule? Those firewall rules were automatically made by pfsense when I did each port forward.
Shouldn't an asterisk mean it will listen to all the ports?
-
Not in the rules, but in NAT.
Kostas
-
Not in the rules, but in NAT.
Kostas
I tried doing it in the NAT and it was also reflected in the rules.
I tried putting a source port of 21001 in entry1 (which was working before doing this) and now it doesn't work. I then tried to put a source port of 8082 in entry9 and it still doesn't work.
-
Don't have access in the firewall right now, but I his topic http://forum.pfsense.org/index.php/topic,48866.msg258669.html#msg258669
there is an image of working NAT setup.
Best
Kostas
-
Don't have access in the firewall right now, but I his topic http://forum.pfsense.org/index.php/topic,48866.msg258669.html#msg258669
there is an image of working NAT setup.
Best
Kostas
Thanks, I'll analyze that.
-
I just tried analyzing the setup in the link you've posted but I'm not sure if it is applicable in my case. Anyone else have any ideas on this?
-
BUMP!
-
Help needed here guys? Please?
-
BUMP!
-
Daily BUMP!
Is this a hard-to-solve issue, really?
-
Packet capture traffic on the firewall for a host you can not access externally. Get a friend on the phone and ask them to try. Analyse the capture. Best guess the traffic hits the target but the target does not know where to send it back.
Also I have a feeling Sab has a setting in the ini file that tells it what networks it will talk to. That might be worth a look just to make sure it's not restricted to the local net.
edit/
No it doesn't I've just looked but it's default bind is the loopback so make sure it is bound to the IP of the box. Also I hope the port you are trying to redirect to is the https port of Sab and not the http. -
Have an nearly-same problem,
I got two WAN´s, too, but i can only access the LanPC which are on the Default-WAN.
The problem is that the packet from the secondary WAN comes in and dont find out (because it goes over the Default-WAN). -
Packet capture traffic on the firewall for a host you can not access externally. Get a friend on the phone and ask them to try. Analyse the capture. Best guess the traffic hits the target but the target does not know where to send it back.
Also I have a feeling Sab has a setting in the ini file that tells it what networks it will talk to. That might be worth a look just to make sure it's not restricted to the local net.
How do you actually do a packet capture on the firewall?
As I've probably mentioned above, I've already tried using SAB with a computer that's only connected to a simple DD-WRT router and I can access it from outside the network without any problems. When I bring this same computer and connect it to the network with pfsense as the main firewall, then I cannot access it from outside the network.
-
Under diagnostics -> Packet Capture
Select the LAN interface Set the host address to the IP address of the internal device you are trying to connect to Set the level of detail to full, leave all others at their default. Then get someone outside the network to attempt a connection. Don't try to use NAT reflection as that will confuse things. If you look at the capture and your response is WTF post it and we can take a look.
-
Here it goes (I'm trying to access 192.168.1.2 from outside the network and it did captured some packets. I replaced the source IP address with x.x.x.x):
http://pastebin.com/6YNr4ifL
Any thoughts?
-
Well I see incoming traffic for 192.168.1.2 but I'm not seeing an outgoing response.
Off the top of my head it's a routing issue. Is the LAN interface the default route? Try doing a traceroute from the device 192.168.1.2 and see where it thinks the packet should go. -
Did you defined static routes or is there a second router in your network which reaches the other lan networks? What is the client default gateway? Could you ping all the clients defined from the pfsense "ping tool"?