Forwarding- what am I doing wrong?

  • I read the port forwarding FAQ / troubleshooting… did I miss something? I'm on version 2.0 and trying to open up 3 ports for a game server. When I connect my PC directly to the internet it works. I've disabled windows firewall for testing, I am on a domain but I don't think I have to do anything to the domain server, it seems like this is a pfsense issue? The only firewall rules I have are the default ones... Block RFC 1918 networks and Block Reserved / not assigned by IANA

    I've tried to use this tool: 
    is this an accurate way to test if my ports are open? Do I have to have something running listening on that port for it to work? Having the game open did not work, the tool always says port is closed.

    When using this tool and quickly checking the firewall log, I see this red X error (see img below) next to all the entries:

    Mar 9 02:05:22 WAN TCP:S
    Mar 9 02:05:23 WAN TCP:S
    Mar 9 02:05:23 WAN TCP:S
    Mar 9 02:05:24 WAN TCP:S
    Mar 9 02:05:24 WAN TCP:S

    Thanks for any tips ???

  • LAYER 8 Global Moderator

    See the bottom of the screen you posted where it says NONE for filter rule association.. Why did you change that from the default of "add associated filter rule"??

    You can forward the traffic all day long, but if you don't have a rule on the WAN that allows it, it never gets to the forward part.

    Create a firewall rule on the wan to allow the traffic, or just redo you forward this time LEAVE the default to create the associated rule.

  • Thanks! That was it! I must have inadvertently selected none, now I see it created a linked rule.

    What is the best way to test if my ports are open properly after making changes to the rule tables? A site like I linked above? Do I have to have anything running listening on the port to test this, and if so what does one normally run?

    Thank you.

  • LAYER 8 Global Moderator

    Well yes you would have something listening - its not going to test open if there is not something there listening that port.

    Sure if you like that site, I normally use

    As to what you would normally run, you would run the application/service using the port you need to forward ;)  if its game server that needs said port, then I would have to assume its listening on that port - if not, then why in the world would it need that port?

    If your wanting to test udp, that is bit more difficult because there is no handshake like with tcp.  So there is not really a way to test that packet got there other than service working, etc.  Not sure of any sites off top of head that allow sending upd packets.  You would have to use maybe this online nmap site or another host outside to generate the traffic.

    Then you could sniff on your side to make sure your seeing the traffic where you want to see it, etc.

  • Thanks, I am testing strictly UDP which I guess is what threw me off as a newbie, since there was no handshake I guess I was expecting there to be one and since it never happened I assumed everything I did wasnt working.

    I got the port to open OK, I got some UDP port checker online to say OPEN. Everything seems OK. However, when some clients connect to me something strange is happening:

    Time                If     Source                  Destination                Proto

    Mar 9 14:00:01 WAN UDP
    Mar 9 14:00:02 WAN UDP
    Mar 9 14:00:05 WAN UDP
    Mar 9 14:00:20 WAN UDP
    Mar 9 14:00:25 WAN UDP
    Mar 9 14:00:28 WAN UDP
    Mar 9 14:00:29 WAN UDP
    Mar 9 14:01:13 WAN UDP
    Mar 9 14:01:13 WAN UDP
    Mar 9 14:01:14 WAN UDP

    So it looks like the source (my friend) is initiating his packets on the correct ports (2303-2305) but when it hits my WAN IP, its trying to connect on some random port? Of course this is blocked by the default deny rule since its outside of my opened range and thus he cannot connect. This port seems to change every few connection attempts he makes. Can it be the game doing this? If it was the game doing this wouldn't his source port be the one that's randomizing?

    Can his router (random consumer linksys or something) be doing this?

  • LAYER 8 Global Moderator

    Yeah he is coming from source on that port, which is ODD.. Normally a source port would be random >1023

    Normally if he is behind a NAT router then the source port would be randomized again because most routers default to napt.  that is how they share the public IP with lots of different private IPs behind them changing the source port on the public side.

    So I would think its his router - he must of dicked with default settings.  Setup some sort of source nat, etc.

    You sure those are not answers back to your box did you create traffic to his IP to 2304, and then he would answer you back from that port.

    What game are you trying to play??

    Vs just looking at the rules, I would do a sniff on your wan and see exactly what is happening.

  • The game is ARMA 3.

    Please excuse me for the basic questions, but this is my first time doing this. Just to make sure I'm on the right path, what I did was run the packet capture function on the WAN interface with everything left to default, had my friend attempt to connect, then downloaded the .cap file to analyze with wireshark. I then sorted the list by UDP and am kind of lost reviewing the data, is there anything in particular I should look for?

    When I use a portscan tool from a website I see what you mean, it uses a randomized source port but then tries to connect to me on the specified port (2304).

    Sorry  - just trying to learn how to do it on my own vs posting the .cap and having someone else do it for me.

  • LAYER 8 Global Moderator

    if you don't mind posting the cap I can take a look at point out what it in it.

Log in to reply