    pfSense will not NAT or open firewall port

    Firewalling
    redraider85:

      I have set up a Windows 2k8 VPN server and can successfully connect to it from within my network, so I know the server settings are correct. I have attached screenshots of the NAT and firewall rules. I tried doing a port scan from a couple of different websites and all of them come back saying port 1723 and 47 TCP are blocked... What am I doing wrong?
    Finger79:

        Someone correct me if I'm wrong, but I think on your Port Forwarding rules, delete the Source Port (they're random ephemeral ports generated by the client).  Destination Ports and NAT Ports are correctly specified as tcp/47 and tcp/1723.

        Also, consider PPTP VPNs 100% compromised and 100% insecure. Switch to an SSL/TLS OpenVPN or IPsec setup.

    johnpoz (Layer 8 Global Moderator):

          Yeah, correct, those forwards would never work because the source port is specific.

          Also - GRE is not PORT 47, it is PROTOCOL 47 - completely different!!
          http://en.wikipedia.org/wiki/List_of_IP_protocol_numbers

          A couple of ways to think about it: a PORT like you listed normally uses either the TCP or UDP protocol, while TCP is protocol 6 and UDP is 17. A port tells you where; a protocol tells you how.

          I have seen this analogy:
          ports = ears, mouth, eyeball, touch
          protocols = English, Spanish, Sign Language, Braille

          People get confused because the protocols they are used to, like HTTP and HTTPS, SSH and FTP, all have default/standard TCP or UDP ports they talk on, like 80, 443, 22, 21 for control and a source port of 20 for the active data channel. But TCP and UDP are just 2 of the protocols. See the listing; there are lots of different protocols for talking over a network.

          Also, I agree PPTP is deprecated; I would look at current secure options for VPN. If you really wanted to use PPTP, why not just let pfSense do it vs. forwarding inbound to some other server?
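The two mistakes called out in the replies above (a pinned source port in the forward, and "TCP port 47" written where IP protocol 47 was meant) can be made concrete by building the two packets a PPTP client actually sends and evaluating rdr-style rules against them. The block below is an added example, not code from this thread or from pfSense; the packets, the rule dictionaries, the `first_match` evaluator and the RFC 5737 documentation addresses are all constructed here for illustration, and checksums are left at zero because nothing transmits the packets.

```python
# Added example (not from the forum thread or from pfSense): model the two
# mistakes discussed above by building the packets a PPTP client sends and
# matching rdr-style rules against them. Packets and rules are constructed
# here; addresses come from the RFC 5737 documentation ranges.
import socket
import struct

IPPROTO_TCP = 6
IPPROTO_GRE = 47  # GRE is an IP protocol number, not a TCP/UDP port


def ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options, zero checksum) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def tcp_syn(sport: int, dport: int) -> bytes:
    """20-byte TCP header with only SYN set; the ports are its first two words."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0x12345678, 0,
                       5 << 4, 0x02, 65535, 0, 0)


def pptp_gre(call_id: int, ppp: bytes) -> bytes:
    """Enhanced GRE header as PPTP uses it (RFC 2637): K and S flags set,
    version 1, protocol type 0x880B (PPP), payload length, call ID, sequence.
    There is no port field anywhere in it."""
    return struct.pack("!HHHHI", 0x3001, 0x880B, len(ppp), call_id, 0) + ppp


def parse(pkt: bytes) -> dict:
    """Extract what a firewall rule can match on: protocol, addresses and,
    only when the protocol is TCP or UDP, the source/destination ports."""
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info = {"proto": proto, "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": None, "dport": None}
    if proto in (6, 17):
        info["sport"], info["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return info


def first_match(rules, pkt):
    """pf-style first-match evaluation of rdr rules. A missing or None port
    field means 'any'. Returns the matching rule's name, or None."""
    p = parse(pkt)
    for r in rules:
        if r["proto"] != p["proto"]:
            continue
        if r.get("sport") is not None and r["sport"] != p["sport"]:
            continue
        if r.get("dport") is not None and r["dport"] != p["dport"]:
            continue
        return r["name"]
    return None


# What the forwards in the original post amount to: source port pinned to the
# destination port, and GRE written as TCP port 47.
AS_POSTED = [
    {"name": "pptp-control", "proto": IPPROTO_TCP, "sport": 1723, "dport": 1723},
    {"name": "pptp-gre",     "proto": IPPROTO_TCP, "sport": 47,   "dport": 47},
]
# The fix: source port "any", and GRE matched by protocol with no ports at all.
CORRECTED = [
    {"name": "pptp-control", "proto": IPPROTO_TCP, "sport": None, "dport": 1723},
    {"name": "pptp-gre",     "proto": IPPROTO_GRE},
]

CLIENT, WAN = "198.51.100.23", "203.0.113.5"
# The client's source port is ephemeral; 51234 is just one value an OS might pick.
CONTROL_SYN = ipv4(IPPROTO_TCP, CLIENT, WAN, tcp_syn(51234, 1723))
TUNNEL_DATA = ipv4(IPPROTO_GRE, CLIENT, WAN, pptp_gre(call_id=1, ppp=b"\xff\x03\xc0\x21"))

if __name__ == "__main__":
    for label, pkt in (("TCP 1723 SYN", CONTROL_SYN), ("GRE data", TUNNEL_DATA)):
        print(label, parse(pkt))
        print("  as posted ->", first_match(AS_POSTED, pkt))
        print("  corrected ->", first_match(CORRECTED, pkt))
```

Run stand-alone, the script shows that neither "as posted" rule ever fires: the control SYN arrives from an ephemeral source port, and the GRE packet has no port for a TCP rule to compare against. In the pfSense port forward form this translates to leaving the source port at "any" for the TCP 1723 entry and creating the second entry with Protocol set to GRE rather than TCP; because GRE carries no port, that second forward can only target a single internal host. To confirm what is actually reaching the WAN interface, capture on the firewall itself (for example `tcpdump -ni <wan_if> 'ip proto 47 or tcp port 1723'`, or Diagnostics > Packet Capture in the GUI) before trusting a third-party port scanner, which only probes TCP/UDP and cannot tell you anything about protocol 47.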
    redraider85:

      Well, does anyone have instructions on how to go about setting up an L2TP/IPsec VPN tunnel?

    johnpoz (Layer 8 Global Moderator):

      To what endpoint, pfSense? Or through pfSense to something else? From what client?

              https://doc.pfsense.org/index.php/VPN_Capability_IPsec
              https://doc.pfsense.org/index.php/L2TP/IPsec_on_Android

    redraider85:

      Would like to try both, but more so through pfSense to a Windows 2k8 box.