Netgate Discussion Forum

    Can't port forward

      UzZ3n

      Hi everyone!
      I can't port forward ports 1024-65535. I have Lan and Wifi interfaces bridged (Lan is 192.168.1.1, and Wifi is 192.168.2.1) and I want to forward ports from 1024 to 65535. I also enabled NAT reflection (but which is better, NAT only or NAT + proxy?) but with no success. In testport I have success only from the wifi or lan interface; if I select the wan interface it times out. Hope you can help me.

      My config is: Internet --> pfSense --> LAN --> My PC
                                         --> WiFi --> Other devices

        UzZ3n

        anyone?

          Gloom

          Your question is a little unclear. Which NIC are you setting up port forwarding on, and which subnet/device are you port forwarding to?

          Never underestimate the power of human stupidity

            UzZ3n

            I want to port forward wan on lan, but I can't do it.

              Gloom

              The usual use for port forwarding is to pass a packet arriving at the WAN interface through to something running in the DMZ or LAN. A web server is a classic example of this, where you forward port 80 on the WAN through to the internal web server. Each port forward must be accompanied by a corresponding firewall rule.

              Unless you have services running on the LAN/Port there is nothing to forward to. Perhaps a more detailed description of what you hope to achieve could get you a better answer.

                UzZ3n

                First I want to have a port open for utorrent, and second I want to play haxball.com. Before I switched to pfsense I was able to play it. In the FAQ they suggest opening ports from 1024 to 65535. I also tried to configure a 1:1 NAT by creating a virtual IP, but when I apply the changes the internet stops running.

                  Gloom

                  I see where the confusion has come in. You do not need port forwarding; you simply need to allow your PC out for both UDP and TCP.

                  The only reason you would need port forwarding is if you were allowing people on the internet to access your PC and I believe the port for uTorrent to do that is 63443.

                    UzZ3n

                    Ok, and how can I allow my PC out to tcp/udp? And another thing I missed earlier: I want to browse into PCs in the network, both wifi and lan. I can see PCs connected on wifi but I can't connect to them. Haxball is a p2p game also.

                      johnpoz LAYER 8 Global Moderator

                      Man there is a lot of confusion going on in this thread.

                      For starters there is no specific port for torrents, you can use pretty much any port you want. I use 42312 for example - so what did you set up in utorrent to use? Now what is the IP of the box that is running utorrent, 192.168.1.100??

                      In pfsense forward the port you set up in utorrent to the IP address of your box running utorrent.
                      http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F

                      If you're still confused I can post up a picture of how my utorrent is set up.

                      As to this game.. I looked up the faq on it http://www.haxball.com/faq.html#connection_problems

                      Telling you to forward all the ports, or put your box in the DMZ, is a bit drastic - but they say it's a limitation of flash?? When I get home I will give it a test run and see what ports it's using and if random? I would assume enabling UPnP on pfsense would be an option - can test that and see if ports are opened via upnp on the game, etc.

                      As to your wireless issue. Is your wireless router connected to your PC, connected to your lan - I would assume you're using it as a router and not an access point, which is your problem there. If you want to be able to access your wireless devices from boxes connected to your lan then set up your wireless router as an access point. In a nutshell, change its lan IP to be on your network 192.168.?.? What did you set up pfsense to use? Then on the wireless router turn off its DHCP server. And connect it to your lan via one of its lan ports - NOT THE WAN (internet) port.. There you go, AP from any wireless router.

                      I also have a question on your internet-->pfsense. What device is pfsense plugged into?? What is the model number, what does pfsense show for its wan (internet) IP? If it starts with 10.x.x.x, 192.168.x.x or 172.16-31.x.x then you're behind a NAT already and yes this could cause you issues with port forwarding and that game you want to play.

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                        UzZ3n

                        Thanks for your reply. I have forwarded port 42312 (http://imageshack.us/photo/my-images/819/portforward.png/). NAT reflection is enabled (pure NAT). Is this correct?

                        My wan is 192.168.159.122, before pfsense there is only a black thing (image: http://imageshack.us/photo/my-images/405/img20130311205139.jpg/).
                        The yellow wire is coming straight from my antenna on the roof, the blue wire instead is connected to my wan interface. In pfsense I have a wireless card making my access point and the interface is called Wifi. The Wifi interface and the lan one are bridged together.

                        For haxball, before I switched to pfsense there was a wireless router. With that I was able to play haxball and connect to other hosts fine, but after I switched to pfsense I am not able to play haxball and connect to other hosts. I also tried to enable upnp but it doesn't work either.

                        For wireless connected devices, now I can't see them on windows and they can't see me, but wireless connected devices can see each other.

                          johnpoz LAYER 8 Global Moderator

                          If your wan is "My wan is 192.168.159.122"

                          Then you're behind a NAT and your forwards are never going to work, unless you forward them on the box doing nat in front of pfsense!

                          Why would you forward the port I used as an example?? Is that the port you set up in utorrent??

                          So you bridged the interfaces in pfsense? What rules did you create for the lan to the bridge? Can you post up your rules for your lan and for your bridge.

                          What IPs are your wireless clients getting, and what are your wired machines getting? Can you give an example of each? ipconfig /all from each would be perfect.

                          Where is that black thing you gave a picture of? That is a POE injector ;) So the yellow gives power to whatever is on your roof, and the blue is just continuing the connection.. But if your pfsense has a PRIVATE IP on its wan, you're not going to be able to do anything on pfsense to get forwards to work… Unless your ISP has put your pfsense wan IP into dmz, etc. I would contact your isp about port forwarding with a router connected to your blue wire.

                            UzZ3n

                            I set up the port that you gave me on utorrent and I forwarded it. Now it's closed, but to open it I must email my isp provider.

                            I made rules only on the wifi interface: http://imageshack.us/photo/my-images/266/wifirules.png/
                            and I made this in system tunables: http://imageshack.us/photo/my-images/855/systemturnables.png/

                            Wired machines are only one, my pc (192.168.1.100). Wireless machines are 192.168.2.x (my phone is 192.168.2.2).
                            This is my ipconfig: http://imageshack.us/photo/my-images/20/ipconfigmypc.png/
                            And this is from a wireless machine: http://imageshack.us/photo/my-images/832/ipconfigwirelesspc.png/

                            The strange thing that I didn't understand is why before I was able to play haxball fine and now I can't; my isp is the same.

                            P.S. I'm using pfsense 2.1 because 2.0.2 didn't recognize my wireless card.

                              johnpoz LAYER 8 Global Moderator

                              "Wired machines are only one, my pc (192.168.1.100) Wireless machines are 192.168.2.x (my phone is 192.168.2.2)"

                              You're on a different SEGMENT there - bridging that is not going to allow them to talk to each other ;) If you want to talk to each other via bridging - then put them on the same address space. If you want to be able to talk to them on different segments that works too, pfsense will just route the traffic.

                              Well, before you were prob able to use UPnP to have your device on the roof open up the port, or if the nat is done upstream of that device. But you put a NAT device (pfsense) behind a NAT..

                              So you end up with this

                              public IP (1st nat) 192.168.159.x --- 192.168.159.122 (2nd nat device pfsense) 192.168.1.1 --- 192.168.1.100 (PC)

                              So something on the internet wants to send you unsolicited traffic to your public IP -- that 1st device says I have no idea what to do with this traffic, it's not in answer to anything I sent out from my 192.168.159.x network - DROP IT!!

                              So pfsense NEVER sees this traffic on your utorrent port to be able to forward that traffic to your 192.168.1.100 PC running utorrent.

                              So never WORKS!

                              Contact your ISP and ask them to put your device into bridge mode, or set it up so that UNSOLICITED traffic can get to the IP of the router you connected. Then you can control the forwards you want on pfsense.

                              If not you would have to run pfsense as a bridging firewall if you still want to use it.

                              But as to your wireless - why do you think you need to bridge the interfaces? Why can your wireless not be on a different segment? If you want them to be on the same network segment, then put them on the same network if you're going to bridge traffic between the interfaces. You did not do a /all on that command so I can not tell if you set them up static or if they are dhcp from pfsense?

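The double-NAT path johnpoz describes in the post above, as an added example that is not part of the original thread: a small Python model in which each NAT hop passes an unsolicited inbound packet only if it has a matching port forward. The `NatHop`, `deliver` and `build_chain` names are hypothetical, and 203.0.113.10 is a constructed documentation address standing in for the ISP's public IP.

```python
import ipaddress

# Private ranges johnpoz lists: 10.x.x.x, 172.16-31.x.x, 192.168.x.x
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def wan_is_private(wan_ip):
    """True if the WAN address is private, meaning another NAT sits upstream."""
    addr = ipaddress.ip_address(wan_ip)
    return any(addr in net for net in PRIVATE_NETS)

class NatHop:
    """Hypothetical model of one NAT device (not pfSense code)."""
    def __init__(self, name, outside_ip):
        self.name = name
        self.outside_ip = outside_ip
        self.forwards = {}  # (proto, port) -> inside IP

    def add_forward(self, proto, port, inside_ip):
        self.forwards[(proto, port)] = inside_ip

    def inbound(self, proto, port):
        """Inside IP an unsolicited packet is passed to, or None if dropped."""
        return self.forwards.get((proto, port))

def deliver(chain, proto, port):
    """Walk an unsolicited inbound packet through the hops, outermost first."""
    target = None
    for hop in chain:
        target = hop.inbound(proto, port)
        if target is None:
            return "dropped at " + hop.name
    return "delivered to " + target

def build_chain(forward_on_isp):
    """Topology from the thread; the ISP-side public IP is constructed."""
    isp = NatHop("ISP NAT", "203.0.113.10")
    pf = NatHop("pfSense", "192.168.159.122")
    pf.add_forward("tcp", 42312, "192.168.1.100")      # forward made on pfSense
    if forward_on_isp:
        isp.add_forward("tcp", 42312, pf.outside_ip)   # forward the ISP must add
    return [isp, pf]

if __name__ == "__main__":
    print(wan_is_private("192.168.159.122"))
    print(deliver(build_chain(False), "tcp", 42312))
    print(deliver(build_chain(True), "tcp", 42312))
```

With only the pfSense forward in place the packet never gets past the first hop; it reaches 192.168.1.100 only once the upstream device also forwards the port to the pfSense WAN address.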
                                UzZ3n

                                OK thank you very much, I understood that I need to contact my isp and ask them to put my device in bridge mode or to put my wan in a dmz.
                                Wireless, I bridged to lan just to make it work; before I bridged to lan I had limited connectivity and the internet didn't work. I'm not sure what made it work, bridging or making rules on the firewall. I also have enabled the dhcp server on both the wifi and lan interfaces, but I had no idea whether that is a good or a bad thing. What should I do to see all PCs connected on both the lan and wifi interfaces?

                                  UzZ3n

                                  What should I do to see all PCs connected on both the lan and wifi interfaces?

                                    johnpoz LAYER 8 Global Moderator

                                    What do you mean SEE??  Are you wanting them to be all on the same network, or different networks?

                                    So you can either have lan/wired network say 192.168.1.0/24 and wireless segment 192.168.2.0/24 and route traffic between them via pfsense.

                                    If you have a different interface in pfsense that your wireless AP is connected to I would use the routing method and just create firewall rules to allow the traffic you want.  So wired would be 192.168.1 and wireless would be 192.168.2

                                    If you're going to bridge then both wired and wireless need to be on the same network IP space if you want to "see" them - ie be able to connect to them. All devices need to be on 192.168.1.0/24 for example.

                                    Why do you not just put your AP on the 192.168.1.0/24 network - do you not have a switch on this network you can connect the AP to?

                                      UzZ3n

                                      I have a wifi card in the pfsense box! Now I disabled the lan and wifi bridge and wifi still works. I bridged them just to make the wifi interface work, but the solution was putting rules and not bridging them. I want to be able to connect to wireless devices, but I'm wired connected to pfsense. I can't put the wifi interface in the same subnet as lan (192.168.1.1) because there is an error saying that address is used by another interface.

                                        johnpoz LAYER 8 Global Moderator

                                        I had forgotten you're using a wifi card.. But sounds like you got it fixed.

                                        So your wifi card in pfsense is 192.168.2.1 and your wired nic is 192.168.2.1 – yup that is how you normally would do it.  Then just create your rules between your segments that you want to allow.

                                          UzZ3n

                                          Nono, my wired nic is 192.168.1.1

                                            johnpoz LAYER 8 Global Moderator

                                            My bad - typo ;)  Yeah I meant 192.168.1.1 for the wired
