Port forwarding headaches
-
^ valid point.. Where is your actual forward?? You just have firewall rules.. And source is wrong as well as dok already pointed out.
You pick what port you want to forward and what private IP you want to send it to - it auto does the firewall rules.
What do you mean? I thought the firewall rules defined that by setting a source port/address to destination port/address.
Am I missing something vital here? Any time I try to use NAT > Forward I lose connection and need to rollback to get it back.
-
Dude it takes 2 seconds to create a forward..
Here you really have to only touch 3 boxes.. What port you're forwarding, http in this case.. What IP you want to send it to.. And that you want to send to http as well.. Vs say sending port 10,000 on your wan to 80 on private side box.
If this takes you more than 5 seconds you're doing it wrong!! Those are the only things you have to touch to send http to a box on pfsense lan.. It will create the firewall rule for you… It really could not be any simpler..
You mentioned "I don't use any NAT" Nonsense, how would you nat that public IP your ISP gives on your wan to your private rfc1918 space?? So clearly you're using nat - unless pfsense is behind a nat already.. Did you disable nat in pfsense? If so it would not be working if your pfsense had public on its wan.
-
Thanks, managed to find out what I did wrong. I followed this guide, but what made me think it didn't work is the fact that my entire access to the internet drops when I apply any NAT settings. If I reboot pfSense then things are up and working again, and this time the port forward does work. But why does the connection cut out entirely? I lose connection to Internet, and a few seconds later I also lose connection to pfSense Web Admin entirely.
-
I can tell you that I do forwards on the fly, other changes on the fly and pretty much never have to reboot pfsense, nor do I lose connectivity if doing any sort of firewall rule or forward.
-
Yeah well I can't explain it either, and the whole disconnection issue was what steered me away from NAT, since whatever I did I lost connection. And I sure can't reboot every time I add or change a rule. So something is very off here.
-
What hardware are you running on, what version of pfsense? What is your internet connection, dhcp cable? dsl, are you using pppoe connection?
Etc.. etc.. Without having some clue to your environment it would be impossible for me to even guess to what is going on.. All I can say is I have been using pfsense since version 1.x and have never seen that sort of thing on my installs, be it on hardware or vm.
-
What I did notice now is that the connection dropped out entirely only when the first NAT port forward was added. Once I rebooted and added more forwards the connection didn't drop out anymore. Perhaps it's a bug, or delayed reload of the service, I don't know, but I thought it was important to mention.
I am on fiber (1000/1000) (no PPPoE, just a Cat6 right into the wall :) ) and use pfSense 2.2-RELEASE (amd64).
But everything seems to work now. Thanks for all the input, I sure learned a lot more today. And very quick response as well, much appreciated!
-
fiber 1000/1000 – bastard!!! ;) heheeheh
-
Yep, and for cheaps :). Thanks to you and doktornotor for all the help!
-
Looks like you're not the only one on a fresh install of 2.2-RELEASE having port forward issues.
I can't figure out why my VOIP port won't forward correctly. Was working fine on 2.1.5-RELEASE.
A reboot did not help. Still not able to redirect 5060 TCP/UDP, 5090 TCP/UDP and 9000-9049 UDP
Any idea what is happening?
-
So did you do a clean install and try and import the forwards, or did you recreate them from scratch like your fresh install?
-
Clean install, since the upgrade from 2.1.5 failed with a mountroot issue (there are plenty of other threads about that)
The config was rebuilt by hand. No config file reuse.
I've tried to log packets via related rules but the firewall log seems to have problems too (see thread in firewall section)
I'm thinking of going back to 2.1.5 since NAT seems to be in trouble in 2.2, but I can try some diagnostics/workarounds before
-
There is no such issue. Nuke all the broken manual firewall rules you created. Create port forwards in Firewall - NAT - Port Forwarding. Click Apply. Check that Outbound NAT is at Automatic (Outbound tab). Done.
-
That's the way I always did it
I've deleted and remade those port forwards a number of times to be sure I haven't made a mistake: still nothing
Even with hybrid or manual outbound rules, it does not work
Also, my PBX (3CX) uses a STUN server to diagnose firewall port forwards, and sometimes in the same test it just won't connect to the STUN server, BUT internet is working fine and can resolve DNS queries
That's a really weird trouble :S
-
Ok, this is clearly related to 2.2
I have to explain that I run pfSense in a Xenserver 6.5 VM
I stopped the 2.2 and reinstalled a fresh 2.1.5 on another VM WITH THE SAME CONFIG DONE MANUALLY (no backup/restore) and now port forwarding works as expected.
2.2 is installed with xentools, 2.1.5 no xentools (since not available)
I guess there are two possible things:
1- Xentools giving issue
2- 2.2 having weird issue with port forwarding
Any idea where to start for diagnostics? I can provide config file for analysis
-
Let's think about it.. If 2.2 was having in general port forwarding issues, I would think the boards would be LIT UP like a xmas tree.. I would have thought this would have shown up in beta, RC, etc..
But what I have seen is some weird threads where people are having problems with xen.. My guess is xen..
I can tell you for sure I am running on esxi, and 2.2 was running before the RC, etc.. And have had zero issue with port forwarding, etc..
To be honest I think there should be a new sticky somewhere, when posting a problem not only should you state what version you're running, be it i386 or 64, but clarification on if on actual hardware or VM, if vm what software is it on, etc..
If you would have mentioned xen in your OP, I could have pointed to other threads where users are having odd issues with xen. Here is one that comes fresh to my mind.
https://forum.pfsense.org/index.php?topic=86827.0
-
XenServer 6.2 workaround here: https://forum.pfsense.org/index.php?topic=85797.0
It has zero to do with port forwarding.
-
Perhaps it's a bug
Most of the bugs in pfSense are in the Layer 8 code base. It's pretty complicated stuff. They try and try release after release but they just can't seem to get it right.
Glad you got it working.
-
^ hehehehe yeah I would agree layer 8 is a HUGE problem..
I find layer 8 a huge PITA at work as well, it is a very complicated problem dealing with layer 8.. No matter how clear you try and code the solution - it has problems there..
-
Yeah - My layer 8 has issues to death…