Yes Another Port Forwarding Issue.

  • Hey all.

    I've been using pfSense for a while now.  I've never had to forward a port until now and am having issues in doing so.

    I have followed the "How can I forward ports with pfSense" document in the pfSense Docs online and it didn't work.  Nothing is getting through the port in question. I've tried to troubleshoot it looking at a number of different angles, including checking everything within the "Port Forward Troubleshooting" guide in the pfSense docs.

    I have the following system setup:

    Cable Modem>pfSense>Router>Various PC's

    pfSense Version: 2.1.4
    Client Machines: Windows 7 / 8 / WS2008 R2 / WS2012 R2 mix

    When I set up the NAT Port Forward, this is what it looks like:

    IF: WAN
    Proto: TCP/UDP
    Src. Addr: *
    Src Ports: * (MS RDP was selected)
    Dest. Addr: WAN Address
    Dest. Ports: 3389 (MS RDP)
    NAT IP: (The machine I'm trying to access through the ports above)

    This also created a rule that was linked to the NAT Port Forward.
    Proto: IPv4 TCP/UDP
    Source: *
    Port: *
    Port: 3389 (MS RDP)
    Queue: Schedule: None

    I've checked to confirm the ports are open on the client machine - they are and I'm able to connect to the RDP Ports within the local network.
    I've checked to make sure the client machine is using the pfSense Gateway.  It is.
    I know my ISP isn't blocking the ports.  (I've even gone as far as using different ports - none work when port forwarding in pfSense is set up)

    Any assistance would be greatly appreciated.

  • Hi sapper,

    From where are you trying to use Remote Desktop? And have you checked on the destination server that there isn't a local firewall that's messing with you?

    And did you mean:
    Cable Modem>pfSense-Router>Various PC's
    Or do you really have another router connected behind pfSense?

  • Thanks Vindenesen.

    In answer to your questions,

    I have tried connecting to the RDP machine from a number of locations.  I use my iPhone with the Microsoft Remote Desktop app to test on the fly from when I'm sitting through the 3G network.  I have no issues connecting to other RDP sessions from the phone.  I have also tried from a few other locations, all of which have routers, but I have opened the ports on them and have no issues connecting to other RDP sessions that are off site from the system I'm having issues connecting to.

    As for the network design, sorry I didn't describe that as best as I should have.

    I have pfSense running on a PowerEdge Server within a VMware client.  There are two dedicated ports to the pfSense client that are only used by pfSense.  One is the WAN port, the other is the LAN port.  There are three other NIC ports on this server which are dedicated to the other VM's on the server so they don't cross paths with those dedicated to the pfSense ports.  The dedicated pfSense LAN port then connects to a Netgear dumb switch (Not a router - my bad for that) which distributes the LAN connections to my other systems.

  • "I've checked to confirm the ports are open on the client machine - they are and I'm able to connect to the RDP Ports within the local network."

    You say you have tested RDP towards the server from your local network. Do you have Windows Firewall enabled on the server which you are trying to connect to? If it has firewall enabled, sometimes it could be that it only allows RDP from hosts in the same subnet.

    Have you checked in Diagnostics -> States, if a state is created when you try to connect to the server with RDP from the outside? You could filter on ":3389". And do the firewall logs in pfSense show anything useful?
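
The state-table check suggested in the post above, as an added example that is not part of the thread: it filters a state listing for port 3389 and says where to look next. The sample dumps are constructed (shaped like `pfctl -ss` output, IPv4 only, documentation addresses), and the function and verdict names are assumptions.

```python
import re

# Constructed samples shaped like `pfctl -ss` lines:
# interface, protocol, addresses, then the state pair.
ONLY_OTHER_TRAFFIC = """\
em1 tcp 192.168.1.20:49733 -> 192.0.2.80:443       ESTABLISHED:ESTABLISHED
em0 tcp 203.0.113.10:33890 -> 192.0.2.80:443       ESTABLISHED:ESTABLISHED
"""
FORWARDED_NO_REPLY = ONLY_OTHER_TRAFFIC + """\
em0 tcp 192.168.1.50:3389 (203.0.113.10:3389) <- 198.51.100.7:51844       CLOSED:SYN_SENT
em1 tcp 198.51.100.7:51844 -> 192.168.1.50:3389       SYN_SENT:CLOSED
"""
FORWARD_WORKING = ONLY_OTHER_TRAFFIC + """\
em0 tcp 192.168.1.50:3389 (203.0.113.10:3389) <- 198.51.100.7:51844       ESTABLISHED:ESTABLISHED
em1 tcp 198.51.100.7:51844 -> 192.168.1.50:3389       ESTABLISHED:ESTABLISHED
"""

PORT_RE = re.compile(r":(\d+)\b")

# Assumed verdict names, each with the next place to look.
NEXT_STEP = {
    "no-state": "pfSense has no state for the port: check its firewall log for "
                "blocks, then any device upstream of WAN (ISP, modem in router mode)",
    "no-reply": "pfSense forwarded the SYN but the handshake never completed: "
                "check the target's host firewall and its default gateway",
    "established": "the port forward works end to end",
}

def states_for_port(dump, port):
    """Return the state pairs of every entry whose addresses use `port`."""
    pairs = []
    for line in dump.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        *addr_fields, state_pair = fields
        ports = {int(p) for f in addr_fields for p in PORT_RE.findall(f)}
        if port in ports:  # exact match, so :33890 is not counted as :3389
            pairs.append(state_pair)
    return pairs

def triage(dump, port=3389):
    """Classify the dump as 'no-state', 'no-reply' or 'established'."""
    pairs = states_for_port(dump, port)
    if not pairs:
        return "no-state"
    if "ESTABLISHED:ESTABLISHED" in pairs:
        return "established"
    return "no-reply"

if __name__ == "__main__":
    for dump in (ONLY_OTHER_TRAFFIC, FORWARDED_NO_REPLY, FORWARD_WORKING):
        verdict = triage(dump)
        print(verdict, "->", NEXT_STEP[verdict])
```
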

  • Ok so I'm going to put my tail between my legs and walk away now.  I've found the issue and you indirectly put me onto it, Vindenesen.  Thanks for that.

    I had in the past checked the firewall logs and didn't notice anything.  I checked them again, and still didn't notice anything.  Then I thought to myself, well, why am I not noticing anything? This is when it hit me to look into a very unlikely scenario that turned out to be the problem.

    A month and a half ago I upgraded my internet connection from a 50 Mbps line to a 100 Mbps line.  When I did this my ISP did a reset on the modem.  So I just logged into my modem's admin panel and noticed the modem had been taken OUT of Bridge Mode and was back in factory default Router mode.  This placed an additional firewall IN FRONT of pfSense.

    I have placed it back into Bridge mode and sure enough, I'm able to get through with my port forwards with ease.

    Honestly I would never have thought of that if you hadn't asked if I looked through the logs.  I would never have noticed something was missing from them.

    Thanks for your help on this.

  • Glad to hear that I was of some help :)