  • I am going nuts over this issue. I decided to deploy a pfsense box on our network a couple of weeks ago because we now have 1Gbps fiber and our commercial router just wouldn't pass data through the firewall fast enough. But, now I look like a jackhole to my employer because I CAN NOT get this machine to forward ports.

    PLEASE, don't link me to the how to forward ports thread. I have been researching and trying everything on the forums, and YouTube videos. I have reinstalled pfsense three times. I am at my wits' end. According to the forum posts and how-to videos I am doing everything correctly, but the firewall WILL NOT let anything pass.

    I am using x64 pfsense 2.1 with a socket 775 Core2Duo.
    The onboard Realtek LAN is my WAN port. RE1
    And I have a PCIe Realtek LAN card as my LAN connection. RE0

    If anyone can think of anything, please send it my way.


    Hi Mitch. Let me have a look. Send me a PM for details. I am CET timezone so on my way to bed. Will be available in about 8 hrs.

    Wits' end, so how about some details - so you have sniffed and the packets hit your WAN interface of pfsense? And pfsense just doesn't forward..

    Forwarding on pfsense should be click click - so it takes all of 30 seconds to actually verify that traffic is hitting your WAN that you should forward. Have you done this - then where is this info so we can help you?

    From your post, what do you want to help other than pointing you to the how to troubleshoot port forwarding?

    So can you show the packets hitting pfsense but not going out the lan interface?  And your rules?
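The check asked for above (does the SYN hit WAN, and does it then leave on LAN?) can be scripted. This is an added example, not part of the original thread. It assumes `tcpdump -n` text output from each interface and a plain port forward that rewrites only the destination. All addresses, ports and function names are constructed for illustration.

```python
import re

# Matches `tcpdump -n` TCP lines: "time IP src.port > dst.port: Flags [S], ..."
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed sample captures (RFC 5737 documentation addresses, not from the thread).
WAN_CAP = """
12:00:01.000001 IP 203.0.113.7.51000 > 198.51.100.10.80: Flags [S], seq 1, win 64240, length 0
12:00:02.000001 IP 203.0.113.7.51000 > 198.51.100.10.80: Flags [S], seq 1, win 64240, length 0
"""
LAN_NO_REPLY = "12:00:01.000050 IP 203.0.113.7.51000 > 192.168.1.50.80: Flags [S], seq 1, win 64240, length 0"
LAN_OK = LAN_NO_REPLY + "\n12:00:01.000300 IP 192.168.1.50.80 > 203.0.113.7.51000: Flags [S.], seq 9, ack 2, win 65535, length 0"

def parse(capture):
    """Return (src, sport, dst, dport, flags) for every TCP line that parses."""
    out = []
    for line in capture.strip().splitlines():
        m = LINE.match(line.strip())
        if m:
            out.append((m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]))
    return out

def diagnose(wan_capture, lan_capture, wan_ip, wan_port, target_ip, target_port):
    """Say where a forwarded TCP handshake stops, from a WAN and a LAN capture."""
    wan, lan = parse(wan_capture), parse(lan_capture)
    # Step 1: SYNs from outside clients to the forwarded WAN address and port.
    syns = {(s, sp) for s, sp, d, dp, f in wan if f == "S" and (d, dp) == (wan_ip, wan_port)}
    if not syns:
        return "no SYN on WAN: traffic never reaches the firewall (check upstream device/ISP)"
    # Step 2: the same clients, destination rewritten, leaving on the LAN side.
    fwd = {(s, sp) for s, sp, d, dp, f in lan if f == "S" and (d, dp) == (target_ip, target_port)} & syns
    if not fwd:
        return "SYN on WAN but not on LAN: check the NAT port forward and its WAN firewall rule"
    # Step 3: SYN-ACK from the target back to one of those clients.
    replied = {(d, dp) for s, sp, d, dp, f in lan if f == "S." and (s, sp) == (target_ip, target_port)} & fwd
    if not replied:
        return "SYN reached LAN but no SYN-ACK: check the target host (service, host firewall, gateway)"
    return "handshake passes through the firewall: the forward is working"

if __name__ == "__main__":
    for lan_cap in ("", LAN_NO_REPLY, LAN_OK):
        print(diagnose(WAN_CAP, lan_cap, "198.51.100.10", 80, "192.168.1.50", 80))
```
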

  • I have no idea why. This makes absolutely no sense to me whatsoever.
    But, I bought an Intel Dual NIC and disabled the onboard Realtek, and
    repurposed the Realtek PCIe card that I had. Reinstalled pfsense, and
    my ports forwarded the very first time I tried it.

    Thanks for offering to help you two, but I didn't see your posts until now.
    I am baffled as to why this worked. Because both NICs were working
    fine, there is no reason pfsense, or FreeBSD, should see these any differently.

    Part of me wants to put the Realtek card back in and re-enable the
    onboard just to see if it would still be working. But, after messing with
    this thing for so long, I'm not going to risk losing my progress.

    Thanks Guys,

  • @johnpoz:

    From your post, what do you want to help other than pointing you to the how to troubleshoot port forwarding?

    Add #15 to that Common Problems list for Port Forward Troubleshooting

    15.  If you are using Realtek NICs, ditch them and get Intel.


  • Ehmmm, I have a similar problem on nat 1:1

    My dmz mail server seems to get nated outside but not inside
    Take a look at these packet captures of a connection attempt to google:

    ON DSL interface:
    16:42:21.236894 IP XX.YY.ZZZ.245.1634 > tcp 0
    16:42:21.267025 IP > XX.YY.ZZZ.245.1634: tcp 0
    16:42:21.487296 IP XX.YY.ZZZ.245.1635 > tcp 0
    16:42:21.517592 IP > XX.YY.ZZZ.245.1635: tcp 0
    16:42:21.588509 IP > XX.YY.ZZZ.245.1634: tcp 0
    16:42:21.828523 IP > XX.YY.ZZZ.245.1635: tcp 0
    16:42:22.188522 IP > XX.YY.ZZZ.245.1634: tcp 0
    16:42:22.428460 IP > XX.YY.ZZZ.245.1635: tcp 0
    16:42:23.388629 IP > XX.YY.ZZZ.245.1634: tcp 0
    16:42:23.628438 IP > XX.YY.ZZZ.245.1635: tcp 0
    16:42:24.213257 IP XX.YY.ZZZ.245.1634 > tcp 0
    16:42:24.242951 IP > XX.YY.ZZZ.245.1634: tcp 0
    16:42:24.414444 IP XX.YY.ZZZ.245.1635 > tcp 0
    16:42:24.443562 IP > XX.YY.ZZZ.245.1635: tcp 0
    16:42:25.790529 IP > XX.YY.ZZZ.245.1634: tcp 0
    16:42:26.028500 IP > XX.YY.ZZZ.245.1635: tcp 0
    16:42:29.884252 IP XX.YY.ZZZ.245.1636 > tcp 0
    16:42:29.914162 IP > XX.YY.ZZZ.245.1636: tcp 0

    ON DMZ interface
    16:43:24.180029 IP > tcp 0
    16:43:24.265809 IP > tcp 0
    16:43:24.430940 IP > tcp 0
    16:43:24.475723 IP > tcp 0
    16:43:24.518007 IP > tcp 0
    16:43:27.180431 IP > tcp 0
    16:43:27.281005 IP > tcp 0
    16:43:27.381596 IP > tcp 0
    16:43:27.482185 IP > tcp 0
    16:43:27.482214 IP > tcp 0

     is Mailserver IP in DMZ
    XX.YY.ZZZ.245 is virtual public IP (nated) on DSL interface
     is google

