    Most Port Forwards working but not all

    • A
      alltime last edited by

      I am trying to resolve why the below Port Forwards are not working for port 443 (HTTPS). All of the other rules work flawlessly externally. However, I can only access the 443 forward internally. What gives?

      NAT Info:

      Firewall Rules (WAN):

      Firewall Rules (LAN):

      I went to Status >> System Logs >> Firewall to see if anything might be blocked; however, nothing related to any of the port forwards appears when searching (after attempting to visit them externally). Is there an alternative setting that needs to be set to log the port forward information?

      • KOM
        KOM last edited by

        Are you running the pfSense WebGUI on 443 or 80?

        • johnpoz
          johnpoz LAYER 8 Global Moderator last edited by

          Why would anyone have an allow-all rule on their "wan" interface??

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

          • M
            mikeisfly last edited by

            Maybe your Zone Director box has a firewall that is blocking the traffic that is not on the same subnet. Not sure what a zone director is? I did a quick Bing.com search on it and it looks like some type of wireless access point controller. That might be your issue.

            • A
              alltime last edited by

              It is the controller for our Ruckus wireless access points. I just wanted to make sure I'm not crazy, because these settings worked some time ago. I had an allow all rule for testing purposes here.

              • johnpoz
                johnpoz LAYER 8 Global Moderator last edited by

                And why would you still have it if testing from before?

                Does your wireless controller have a gateway set? This is a common problem. Either the host you're trying to ping has a firewall, or the device has no or the wrong gateway set because before you always accessed it from the same network.

                And your first rule there is forcing everything out a gateway.. load_balance.. If you want local segments to talk to each other you cannot force traffic out a specific gateway that might not be able to get there. First rule to fire wins.. none of the other rules are even looked at.

                • Derelict
                  Derelict LAYER 8 Netgate last edited by

                  I am not a fan of Dest Address '*'. Not sure what it does but it just feels, well, sloppy to me. Just specify the interface address or VIP.

                  As has already been pointed out, all your NAT targets need to be routing return traffic back to this pfSense node. This usually means default gateway pointed at pfSense.

                  Chattanooga, Tennessee, USA
                  The pfSense Book is free of charge!
                  DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)
