Can't port forward

  • The usual use for port forwarding is to pass a packet arriving at the WAN interface through to something running in the DMZ or LAN. A web server is a classic example of this, where you forward port 80 on the WAN through to the internal web server. Each port forward must be accompanied by a corresponding firewall rule.

    Unless you have services running on the LAN/Port there is nothing to forward to. Perhaps a more detailed description of what you hope to achieve could get you a better answer

  • First i want to have a port open for utorrent and second i want to play Before i switched to pfsense i was able to play it. in the faq they suggest to open ports from 1024 to 65535. I also tried to configure a 1:1 nat creating a virtual ip, but when i apply changes internet stop runnig.

  • I see where the confusion has come in. You do not need port forwarding you simple need to allow your PC out for both UDP and TCP

    The only reason you would need port forwarding is if you were allowing people on the internet to access your PC and I believe the port for uTorrent to do that is 63443.

  • Ok, and how can i allow my pc out to tcp/udp? And i another thing i missed earlier, i want to browse into pcs in the network, both wifi and lan, i can see pcs connected in wifi but in can't connect to them. haxball is a p2p game also.

  • LAYER 8 Global Moderator

    Man there is a lot of confusion going on in this thread.

    For starters there is no specific port for torrents, you can use pretty much any port you want.  I use 42312 for example - so what did you setup in utorrent to use?  Now what is the IP of the box that is running utorrent,

    In pfsense forward the port you setup in utorrent to the IP address of your box running utorrent.

    If you still confused I can post up a picture of how my utorrent is setup.

    As to this game.. I looked up the faq on it

    Tell you to forward all the ports, or put your box in the DMZ is a bit drastic - but they say its a limitation of flash??  When I get home I will give it a test run and see what ports its using and if random?  I would assume enabling UPnP on pfsense would be an option - can test that and see if ports are opened via upnp on the game, etc.

    As to your wireless issue.  Is your wireless router connected to your PC, connected to your lan – I would assume your using it as router and not an accesspoint is your problem there.  If you want to be able to access your wireless devices from boxes connected to your lan then setup your wireless router as accesspoint.  In a nutshell, change is lan IP to be on your network 192.168.?.?  What did you setup pfsense to use?  Then on the wireless router turn off its DCHP server.  And connect it to your lan via one its lan ports - NOT THE WAN (internet) port..  There you go AP from any wireless router.

    I also have a question on your internet-->pfsense.  What device is pfsense plugged into??  What is the model number, what does pfsense show for its wan (internet) IP?  If it starts with 10.x.x.x, 192.168.x.x or 172.16-31.x.x the your behind a NAT already and yes this could cause you issues with port forwarding and that game you want to play.

  • Thanks for your reply. I have forwarded 42312 port (  Nat reflection enabled (pure NAT) Is this correct?

    My wan is, before pfsense there is only a black thing (image:
    The yellow wire is coming straight from my antenna on the roof, blue wire instead is connected to my wan interface. In pfsense i have a wireless card making my access point and the interface is called Wifi. Wifi interface and lan one are bridged togheter.

    For haxball, before i switched to pfsense there was a wireless router. With that i was able to play haxball and conect to other host fine, but after i switched to pfsense i am not be able to play haxball and connect to other hosts. I also tried to enable upnp but it doesn't work neither.

    For wireless connected devices now i can't see them on windows and they can't see me, but wireless connected devices can see each other.

  • LAYER 8 Global Moderator

    If your wan is My wan is

    Then your behind a NAT an your forwards are never going to work, unless you forward them on box doing nat in front of pfsense!

    Why would you forward the port I used as an example??  is that the port you setup in utorrent??

    So you bridged the interfaces in pfsense?  What rules did you create for the lan to the bridge?  Can you post up your rules for your lan and for your bridge.

    What IPs are you wireless clients getting, and what are you wired machines getting?  Can you give an example of each?  ipconfig /all from each would be perfect.

    Where is that black thing you gave a picture of?  That is a POE injector ;)  So the yellow gives power to whatever is on your roof, and the blue is just continuing the connection..  But if your pfsense has a PRIVATE IP on its wan, your not going to be able to do anything on pfsense to get forwards to work…  Unless your ISP has put your pfsense wan IP into dmz, etc.  I would contact your isp about port forwarding with a router connected to your blue wire.

  • I setup the port that you gave me on utorrent and i forwarded it. Now it's closed but to open it i must email my isp provider.

    I made rules only on wifi interface:
    and i made in system turnables that:

    Wired machines are only one, my pc ( Wireless machines are 192.168.2.x (my phone is
    This is my ipconfig:
    And this is from an wireless machine:

    The strange thing that i didn't understand why before i was able to play haxball fine and now i can't, my isp is the same.

    P.S im using pfsense 2.1 because 2.0.2 didn't recognize my wireless card.

  • LAYER 8 Global Moderator

    "Wired machines are only one, my pc ( Wireless machines are 192.168.2.x (my phone is"

    Your on different SEGMENT there - bridging that is not going to allow them to talk to each other ;)  If you want to talk to each other via bridging - then put them on the same address space.  If you want to be able to talk to them on different segments that works too, pfsense will just route the traffic.

    Well before you prob able to use UPnP to have your device on the roof open up the port, or if the nat is done upstream that devices.  But you put a NAT device (pfsense) behind a NAT..

    So you end up with this

    public IP (1st nat) 192.168.159.x –- (2nd nat device pfsense) --- (PC)

    So something on the internet wants to send you unsolicited traffic to your public IP -- that 1st devices says I have no idea what to do with this traffic, its not in answer to anything I sent out from my 192.168.159.x network - DROP IT!!

    So pfsense NEVER sees this traffic on your utorrent port to be able to forward that traffic to your Pc running utorrent.

    So never WORKS!

    Contact your ISP and ask them to put your device into bridge mode, or set it up so that UNSOLICITED traffic an get to your router you connected IP.  Then you can control the forwards you want on pfsense.

    If not you would have to run pfsense as a bridging firewall if you still want to use it.

    But as your wireless - why do you think you need to bridge the interfaces?  Why can your wireless not be on a different segment?  If you want them to be on the same network segment, then put them on the same network if your going to bridge traffic between the interfaces.  you did not do a /all on that command so I can not tell if you set them up static or if they are dhcp from pfsense?

  • OK thank you very much, i understood that i need to contact my isp and ask them to put my device in bridge mode or to put my wan in a dmz.
    Wireless, i bridged to lan just to make it work, before i bridged to lan i had limited connectivity and internet didn't work. Im not sure what made it work, bridging or making rules on firewall. I also have enabled dhcp server on both wifi and lan interface, but i had no idea that is a good or a bad thing. What should i do to see all pcs connected both in lan and wifi interface?

  • What should i do to see all pcs connected both in lan and wifi interface?

  • LAYER 8 Global Moderator

    What do you mean SEE??  Are you wanting them to be all on the same network, or different networks?

    So you can either have lan/wired network say and wireless segment and route traffic between them via pfsense.

    If you have a different interface in pfsense that your wireless AP is connected to I would use the routing method and just create firewall rules to allow the traffic you want.  So wired would be 192.168.1 and wireless would be 192.168.2

    If your going bridge then both wired and wireless need to be on the same network IP space if you want to "see" them - ie be able to connect to them.  All devices need to be on for example.

    Why do you not just put your AP on the network – do you not have a switch on this network you can connect the AP too?

  • I have a wifi card in pfsense box! Now i disabled bridge lan and wifi and wifi still work. I bridged them just to make wifi interface work, but the solution was putting rules and not bridging them. I want to be able to connect to wireless devices, but im wired connected to pfsense. I can't put wifi interface in the same subnet of lan ( because there is an error saying that address is used by another interface.

  • LAYER 8 Global Moderator

    I had forgotten your using a wifi card..  But sounds like you got i fixed.

    So your wifi card in pfsense is and your wired nic is – yup that is how you normally would do it.  Then just create your rules between your segments that you want to allow.

  • Nono, my wired nic is

  • LAYER 8 Global Moderator

    My bad - typo ;)  Yeah I meant for the wired

  • ok, and now what rules i should make? Can you give me what i should put in rules please? thank you a lot man  ;)

  • LAYER 8 Global Moderator

    Well if you want full access then just any any, if not limit to what you want..  I would assume if wanted to bridge that you just want full access.  I would think the default allow rules should give you full access.

  • Im a little confused, i want full access, i must bridge the interfaces or leave them unbridged?

  • LAYER 8 Global Moderator

    Unbridged - what are you confused about?

    You have 2 segments - forget that the 2nd network is wireless..  Why do you think you need to bridge?

    You have 2 networks, what are lrules on these 2 interfaces?  Guess I could fire up a picture if need be..

  • Now in windows in can see FreeBSD router, but not wireless devices.

    Here's my rules in Lan:
    And Wifi:

    Tell me what is wrong :)

  • LAYER 8 Global Moderator

    What do you mean SEE – like in UPnP see, thats what pfsense shows up as if you enable UPnP (freebsd router)

    You have this


    lan lets say with /24 mask, gateway is pfsense
    wifi lets say with /24 mask, gateway is pfsense

    Can you not ping from client to

    When you say SEE do you mean do you see UPnP/DLNA server on the other network, or do you mean like showing up in some windows browse list?  Explain your use of the term "SEE" -- in such setup has I have explained clients in both networks can "see" each other just fine via tcp/udp protocols that are routable across segments.  If your wanting something that has to be in the same broadcast domain to work, then no that will not work with 2 different network segments, ie 2 different broadcast domains.

    If you want all your devices to be in the same broadcast domain, ie all in then your going to have to create a bridge and use the same network.

    You can not create a bridge and use on one side and on other clients and expect them to talk to each other.

  • I mean showing it from windows browse, and have the ability to see public folder of any wifi connected pc and share files with them.
    Just there: (sorry it is italian)

  • LAYER 8 Global Moderator

    You sure and the hell do not need browse list to access shares.

    From your box on the wired network access \192.168.2.x address of the box doing the sharing, or the other way as well from your wifi access \192.168.1.x the IP address of the box in your lan segment

    That stupid windows browse list does not work across network segments without the use of a wins server.  But its completely utterly a waste of time effort traffic on your network..  What you don't know the name of your computer you want to access via dns name, or its IP?

    If you want to be able to broadcast for netbios names or have all your boxes show up in the same windows browse list then your going to have to put them all in the same broadcast domain, ie same segment

  • Ok, how can i put wifi interface and lan in the same segment? if i bridge wifi and lan in cannot put wifi interface on because is already occupied by lan one.

    I know all pcs names and pc but the windows browse list its ,for me, a simply way sharing files to pcs.

  • LAYER 8 Global Moderator

    So create a shortcut on your desktop for \nameofserver.domain.tld or \ipaddress - can't get any simpler than that.  Or just map a drive letter so shares on your computer look like the letter g:\ on your computer ;)

    Bridge your interfaces and then give the bridge your IP of, the individual interfaces don't to have IPs in that sort of setup.

    Or give them different IPs in the same segment, say and and create a bridge interface of

    I personally would not use bridging and just map your shares to a drive letter of folder - much easier access that way ;)  And you could even turn off the browse feature all together because its just sending unwanted traffic/noise on your network ;)

  • Im sorry man but don't know how to create \ipaddress shortcut or map a drive letter. Can you show me how to do that?  :'(

  • LAYER 8 Global Moderator

    you don't know how to map a drive letter in windows?  Really?

    As to put a shortcut - just drag the icon to your desktop in your widow showing you your share.  See attached example

    Do you know how to run a command and put in \IPaddress?  - see example after you hit the windowkey + R

    As to map, tools - map and then fillout the form.

    Let me know if you need more screenshots of more detailed help.

  • I cannot find temp folder :( i only found users folder.

  • LAYER 8 Global Moderator

    Really dude – Really??  That is MY MACHINE!!!  No shit my shares or IPs are not going to match up to yours ;)  ROFL!!

    It was an EXAMPLE, do I have to define the word example for you as well? ;)

  • No. I created Z: drive that contain my public folder, now how can i share it with wireless pcs?

  • LAYER 8 Global Moderator

    dude what do you mean you created a Z drive?  You MAP a share from one computer to a drive letter on another computer.

    What is the IP of your box you want to share your public folder from?

    from your wireless network \thatipaddress

    Do you see the shares - there you go done!  Now you can either map that to a drive letter on your wireless machine, or create a shortcut to it on your desktop.  Or any time you need to access a share just run \thatipaddress

    So you have been using computers for what like 3 days?

  • Man I have a pc connected with lan and is the only one wired connected to pfsense. All other cmpueters are connected via wifi. I want to share folders so if needed i can share files with other compueters. I mapped my public folder and i assigned the drive letter Z. Now, all other computers connected via wifi cannot see the folder. What i should do? The windows browse list was the simpliest way of sharing files for me.

  • LAYER 8 Global Moderator

    You mapped your public folder WHERE???

    From your wifi clients can you PING the ip address of your wired box??

    if so then \thatipaddress from your wifi boxes – do you see the shares of your wired box?  Do you get asked to auth?  What happens?  If you see the shares then map that to whatever drive letter you want on your wifi boxes, or drag it to your desktop on the wifi boxes so that they have a shortcut.

    Who uses these wifi boxes - are they new to computers as well?  How do you use a computer in this day and age an not understand how to access a share??  freaking blows my mind!

  • I mapped my public folder on my wired connected pc and wifi boxes cannot see that folder! I use a computer since ages ago, but before i was connected on previous router via wifi and all other computers were and i was able to share files through the windows browse list that you hate so much. Mapping a folder is new to me because i did never use that method before. If it blows your mind i can't doing anything.
    I also cannot ping wifi boxes from my pc:
    PING ( from 56 data bytes

    –- ping statistics ---
    3 packets transmitted, 0 packets received, 100.0% packet loss

  • LAYER 8 Global Moderator

    "I mapped my public folder on my wired connected pc"

    Why and the F would you do that???  Your just accessing yourself??

    So your box is ???  What is the IP address of the pfsense lan IP?

    what OS are you using that shows ping command like that, from IP?

    And do you have a firewall running on the wifi box?  Windows by default will block icmp (ping)  So have you allowed the firewall or disable it so that you could test connectivity.

    You want your browse list back - then go back to that.. I already told you how to do it!!  Put your computers on the same network!  Bridge the physical interfaces on your pfsense = there you go everyone on the same broadcast domain and you can use your browse list.

    I really think you would be better off just buying a $50 wireless router and using that as your gateway.. Then there is no thought or setup..  You would have a wired port to plug your computer into, and a bridged wireless network where everyone gets IP from the routers dhcp server.

  • its the same thing! if i map a folder on a wifi computer, i cant see it from my pc!

    i used pfsense to test ping, just diagnostics - ping.

    My pc is, lan is, wifi is

    on the wifi box i have simply windows 7 or 8.

  • LAYER 8 Global Moderator

    ARrrghhh –

    do could you please post up your ipconfig /all from your wired box and wireless box.

    Then on each box do a net share command from cmd line this will show me the shares you have enabled on each computer.

    If you can NOT ping a wireless client from pfsense - can these wireless clients access the internet?  If so then you must have a firewall blocking the ping on the wireless client, or your not connected to the pfsense wireless

    As to mapping --  you don't MAP your own boxes shares.. you map the share on the other box..

    so pc, wireless client is 192.168.2.X

    So from wireless box run \

    do you see shares??  If so map one of those shares to a drive litter on your wireless box via the map dialog on the wireless box where it says \server\share use \\sharename, guessing its called public?  so \\public would be the path your mapping to say G: on your wireless box.

    If you want, I would be happy to teamviewer into your boxes and set this up for you - this way you can watch and we can work out if your having firewall issues or not, etc.  teamviewer is FREE and you can get it from here

    You can then send me a personal message here on the board and I can remote to your machine your running TV on and we can chat in realtime and you can everything I am doing, etc. etc.

  • I really appreciate your replies and time spent. I can ping wireless box from pfsense, before was only my error, when i pinged the wireless computer of my brother he was rebooting.
    I bridged the two interfaces as you said before and now all works properly.
    Now i can map a folder and other wireless devices can see and access to it. I think the problem was the different segmentation.
    I really really thank you ;D and im sorry if im so noob.

  • LAYER 8 Global Moderator

    The only problem with the segmentation would be the browse list would not work.. you would only ever see boxes on your own network with a browse list.

    But that browse list has NOTHING to do with sharing of files - nothing!

    Glad you got it working.

Log in to reply