Netgate Discussion Forum

    Port forwarding problems

      kevindd992002

      These are my very simple port forwarding rules and firewall rules in pfsense:

      So there are, all in all, 9 entries that SHOULD work as set. Let's name these entries entry1 to entry9. For each entry, this is a brief description of their redirection IP/ports and the problems I'm encountering:

      entry1 - pfsense webgui; no problems in accessing from outside this network
      entry2 - WAN2 modem webgui; no problems in accessing from outside this network
      entry3 - WAN3 modem webgui; CANNOT ACCESS from outside this network
      entry4 - webgui of wifi router (set to switch mode) connected to LAN side of pfsense; CANNOT ACCESS from outside this network
      entry5 - webgui of router (set to router mode) connected in between pfsense and WAN3 modem; CANNOT ACCESS from outside this network
      entry6 - N8800 media server webgui; no problems in accessing from outside this network
      entry7 - N8800 webdisk webgui; no problems in accessing from outside this network
      entry8 - Kevin's Laptop sabnzbd webgui; CANNOT ACCESS from outside this network
      entry9 - Alvin's Desktop sabnzbd webgui; CANNOT ACCESS from outside this network

      By the way, I have two WAN interfaces and one LAN interface. The two WANs are named WAN2 and WAN3 while the LAN is named LAN. All the IPs I've explained above are accessible from the LAN side and I have no problems with that. But from outside this network (from another computer connected to another ISP), why can't I access entry3, 4, 5, 8, and 9? I'm out of ideas now because as I understand port forwarding these rules are correct. But of course there is obviously something wrong here. Can you guys help me?

      Thank you very much :)

        kevindd992002

        BUMP! Anybody?

          costasppc

          Source port?

            kevindd992002

            @costasppc:

            Source port?

            What do you mean? Do you mean I should specify the source ports for each Firewall rule? Those firewall rules were automatically made by pfsense when I did each port forward.

            Shouldn't an asterisk mean it will listen to all the ports?

              costasppc

              Not in the rules, but in NAT.

              Kostas

                kevindd992002

                @costasppc:

                Not in the rules, but in NAT.

                Kostas

                I tried doing it in the NAT and it was also reflected in the rules.

                I tried putting a source port of 21001 in entry1 (which was working before doing this) and now it doesn't work. I then tried to put a source port of 8082 in entry9 and it still doesn't work.

                  costasppc

                  Don't have access in the firewall right now, but in this topic http://forum.pfsense.org/index.php/topic,48866.msg258669.html#msg258669

                  there is an image of working NAT setup.

                  Best

                  Kostas

                    kevindd992002

                    @costasppc:

                    Don't have access in the firewall right now, but in this topic http://forum.pfsense.org/index.php/topic,48866.msg258669.html#msg258669

                    there is an image of working NAT setup.

                    Best

                    Kostas

                    Thanks, I'll analyze that.

                      kevindd992002

                      I just tried analyzing the setup in the link you've posted but I'm not sure if it is applicable in my case. Anyone else have any ideas on this?

                        kevindd992002

                        BUMP!

                          kevindd992002

                          Help needed here guys? Please?

                            kevindd992002

                            BUMP!

                              kevindd992002

                              Daily BUMP!

                              Is this a hard-to-solve issue, really?

                                Gloom

                                Packet capture traffic on the firewall for a host you can not access externally. Get a friend on the phone and ask them to try. Analyse the capture. Best guess the traffic hits the target but the target does not know where to send it back.

                                Also I have a feeling Sab has a setting in the ini file that tells it what networks it will talk to. That might be worth a look just to make sure it's not restricted to the local net.

                                edit/
                                No, it doesn't; I've just looked. But its default bind is the loopback, so make sure it is bound to the IP of the box. Also, I hope the port you are trying to redirect to is the https port of Sab and not the http.

                                Never underestimate the power of human stupidity

                                  Marv21

                                  I have a nearly identical problem.
                                  I've got two WANs too, but I can only access the LAN PCs which are on the default WAN.
                                  The problem is that the packet from the secondary WAN comes in and doesn't find its way out (because it goes over the default WAN).

                                    kevindd992002

                                    @Gloom:

                                    Packet capture traffic on the firewall for a host you can not access externally. Get a friend on the phone and ask them to try. Analyse the capture. Best guess the traffic hits the target but the target does not know where to send it back.

                                    Also I have a feeling Sab has a setting in the ini file that tells it what networks it will talk to. That might be worth a look just to make sure it's not restricted to the local net.

                                    How do you actually do a packet capture on the firewall?

                                    As I've probably mentioned above, I've already tried using SAB with a computer that's only connected to a simple DD-WRT router and I can access it from outside the network without any problems. When I bring this same computer and connect it to the network with pfsense as the main firewall, then I cannot access it from outside the network.

                                      Gloom

                                      Under diagnostics -> Packet Capture

                                      Select the LAN interface. Set the host address to the IP address of the internal device you are trying to connect to. Set the level of detail to full and leave all others at their default. Then get someone outside the network to attempt a connection. Don't try to use NAT reflection as that will confuse things. If you look at the capture and your response is WTF, post it and we can take a look.

                                      Never underestimate the power of human stupidity

                                        kevindd992002

                                        Here it goes (I'm trying to access 192.168.1.2 from outside the network and it did capture some packets. I replaced the source IP address with x.x.x.x):

                                        http://pastebin.com/6YNr4ifL

                                        Any thoughts?

                                          Gloom

                                          Well I see incoming traffic for 192.168.1.2 but I'm not seeing an outgoing response.
                                          Off the top of my head it's a routing issue. Is the LAN interface the default route? Try doing a traceroute from the device 192.168.1.2 and see where it thinks the packet should go.

                                          Never underestimate the power of human stupidity
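
Added example (not part of the original thread and not pfSense code): a small Python script that performs the check described in the post above on a LAN-side capture, pairing each inbound TCP SYN for the internal host with whatever that host sent back. The capture lines are constructed in one-line `tcpdump -n` text format, `203.0.113.7` stands in for the outside tester, and the ports and verdict wording are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in one-line `tcpdump -n` text format (not the capture from the thread).
# 203.0.113.7 stands in for the outside tester; ports are illustrative.
SAMPLE_CAPTURE = """\
12:01:05.100000 IP 203.0.113.7.51514 > 192.168.1.2.8080: Flags [S], seq 100, win 65535, length 0
12:01:08.100000 IP 203.0.113.7.51514 > 192.168.1.2.8080: Flags [S], seq 100, win 65535, length 0
12:01:14.100000 IP 203.0.113.7.51514 > 192.168.1.2.8080: Flags [S], seq 100, win 65535, length 0
12:02:00.000000 IP 203.0.113.7.51600 > 192.168.1.2.9090: Flags [S], seq 200, win 65535, length 0
12:02:00.000400 IP 192.168.1.2.9090 > 203.0.113.7.51600: Flags [R.], seq 0, ack 201, win 0, length 0
12:03:00.000000 IP 203.0.113.7.51700 > 192.168.1.2.443: Flags [S], seq 300, win 65535, length 0
12:03:00.000500 IP 192.168.1.2.443 > 203.0.113.7.51700: Flags [S.], seq 900, ack 301, win 65535, length 0
"""

LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def classify_flows(capture_text, internal_host):
    """Return {(client_ip, client_port, server_port): verdict} for inbound TCP SYNs."""
    syns = defaultdict(int)      # flow -> number of SYNs seen (retransmits included)
    replies = defaultdict(set)   # flow -> TCP flag strings sent back by the host
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a one-line TCP/IPv4 record
        flags = m["flags"]
        if m["dst"] == internal_host and flags == "S":
            syns[(m["src"], int(m["sport"]), int(m["dport"]))] += 1
        elif m["src"] == internal_host:
            replies[(m["dst"], int(m["dport"]), int(m["sport"]))].add(flags)
    verdicts = {}
    for flow, count in syns.items():
        seen = replies.get(flow, set())
        if "S." in seen:    # SYN-ACK: the host answered on the LAN
            verdicts[flow] = "answered: host replies, check the return path beyond the LAN"
        elif any("R" in f for f in seen):    # RST: host reachable, port closed on that IP
            verdicts[flow] = "refused: nothing listening on that address and port"
        else:
            verdicts[flow] = f"no reply to {count} SYN(s): check host gateway, routing, host firewall"
    return verdicts

if __name__ == "__main__":
    for flow, verdict in classify_flows(SAMPLE_CAPTURE, "192.168.1.2").items():
        print(flow, "->", verdict)
```

A "no reply" verdict corresponds to the situation described for 192.168.1.2 in the thread; a "refused" verdict is what a service bound only to the loopback address would produce.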

                                            dimkyson

                                            Did you define static routes or is there a second router in your network which reaches the other LAN networks? What is the client default gateway? Could you ping all the clients defined from the pfsense "ping tool"?

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.