Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Forwarding ports?

    NAT
    4
    16
    1774
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      killmasta93 last edited by

      Hi,
      So…this is embarrassing..im not sure if there's a glitch in 2.2.2 which i have been reading other threads but coming from ddwrt I know how to port forward and more. The funny thing on pfsense The port 80 i can forward but i cant seem to forward 8080 which is the port to forward ddwrt router. Pfsense if handling the dhcp and the nighthawk router is as an access point working perfect. I tried forwarding the ports on the ddwrt (obviously didn't work just did it for the hell of it) can anyone shed some light?

      Thank you









      1 Reply Last reply Reply Quote 0
      • K
        killmasta93 last edited by

        bump

        1 Reply Last reply Reply Quote 0
        • johnpoz
          johnpoz LAYER 8 Global Moderator last edited by

          And why don't you just put in the IP of nighthawk?  Why do you have an alias in use?  Do you have an IP in the alias or name that is not resolving?

          What is the IP?

          Have you looked and followed https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

          1 Reply Last reply Reply Quote 0
          • K
            killmasta93 last edited by

            Hi,
            Thanks for the reply. I tried without alias the IP was 192.168.1.151 with port 8080 didnt work. Funny thing that all ports listed worked fine but when i tick other and put another port like 85 did not work. I will roll back to 2.1.5 to see if it works tonight and I will keep you posted if anything. I also tried the wiki but I know i can forward those ports because i have another router(ddwrt)  connected to my modem (bridge) and I can forward any port on ddwrt with no problem. Also side note I have two different external IP. I have no idea why.

            Thank you again

            1 Reply Last reply Reply Quote 0
            • johnpoz
              johnpoz LAYER 8 Global Moderator last edited by

              Your other IP is 192.168.3.1, do you have more than 1 lan segment?

              And have you gone through the doc I linked too - this is no brainer stuff to troubleshoot.  Did you sniff on your wan and the traffic is there, did you sniff on your lan and is the traffic sent?

              Are you trying to forward to the lan IP of your dd-wrt router?  And its also doing nat?  Draw out your network.

              1 Reply Last reply Reply Quote 0
              • C
                cmb last edited by

                @killmasta93:

                I will roll back to 2.1.5 to see if it works tonight and I will keep you posted if anything.

                Don't bother, that won't change anything. There's definitely nothing wrong with port forwards in any version.

                Go through the troubleshooting steps listed in the port forward troubleshooting document johnpoz linked. Try to connect from outside, go to Diag>States and filter on :8080. See it there? If not, packet capture on WAN filtering on port 8080. If so, what does the state look like?

                1 Reply Last reply Reply Quote 0
                • K
                  killmasta93 last edited by

                  So here my setup the 192.168.1.1 is completely separate and has no contact with pfSense. Later tonight i will send the information

                  Thank you


                  1 Reply Last reply Reply Quote 0
                  • K
                    killmasta93 last edited by

                    hi so heres the screen shot of the ports
                    Im just curious why it does not work for 8080 when i can forward on pfSense port 80 and 443 with no problem

                    Thank you




                    1 Reply Last reply Reply Quote 0
                    • johnpoz
                      johnpoz LAYER 8 Global Moderator last edited by

                      So what does a sniff show on the lan of pfsense - does it show it sending the traffic?  Does dd-wrt answer?  Looks like not answering to me.

                      1 Reply Last reply Reply Quote 0
                      • K
                        killmasta93 last edited by

                        o snap i think your right..i just tried port 22 i unchecked pfSense ssh to test the port then I tick ssh then open the port it worked. Hmm…howcome ddwrt not answering? well..worst case just create a vpn and connect to ddwrt

                        THANKS :)

                        1 Reply Last reply Reply Quote 0
                        • C
                          cmb last edited by

                          The connections are in time wait, which means they were successful at the TCP level bidirectionally, so your port forwards are fine. I presume that's the web interface of the DDWRT, what did you see in a browser trying to browse to :8080 on your IP from outside?

                          1 Reply Last reply Reply Quote 0
                          • K
                            killmasta93 last edited by

                            i think i need to play with some iptables in ddwrt to make it listen on that port because WAN is disabled on ddwrt

                            1 Reply Last reply Reply Quote 0
                            • K
                              killmasta93 last edited by

                              o snap…port 80 is also ddwrt internally and 8080 wont work because its for the WAN and its disabled.

                              My 2 options are:

                              Change port 80 on pfSense which I really dont want to
                              or
                              find a way to change port 80 on ddwrt
                              OR
                              is it possible two devices running on the same port (80) be able to port forward (maybe crazy idea)  :P

                              Thanks

                              1 Reply Last reply Reply Quote 0
                              • D
                                doktornotor Banned last edited by

                                There's really nothing preventing you from forwarding 8080 -> 80 or whatever. As a generic note, you'd better get HTTPS working everywhere. Sorry but sending firewall/router credentials in plaintext over internet is a very bad practice.

                                1 Reply Last reply Reply Quote 0
                                • johnpoz
                                  johnpoz LAYER 8 Global Moderator last edited by

                                  Why anyone would allow public access to their admin gui of anything is beyond me..  If you want to admin dd-wrt while your remote then vpn into pfsense and do it that way.  Then you don't have to forward anything either ;) This is way MORE secure..

                                  1 Reply Last reply Reply Quote 0
                                  • K
                                    killmasta93 last edited by

                                    Thanks johnpoz and doktornotor your completely right. Its better though VPN i guess i got used to ddwrt for a while didn't want to let it go.  :P Just trying to adapt more to pfSense now  :)

                                    Thank you again

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post

                                    Products

                                    • Platform Overview
                                    • TNSR
                                    • pfSense Plus
                                    • Appliances

                                    Services

                                    • Training
                                    • Professional Services

                                    Support

                                    • Subscription Plans
                                    • Contact Support
                                    • Product Lifecycle
                                    • Documentation

                                    News

                                    • Media Coverage
                                    • Press
                                    • Events

                                    Resources

                                    • Blog
                                    • FAQ
                                    • Find a Partner
                                    • Resource Library
                                    • Security Information

                                    Company

                                    • About Us
                                    • Careers
                                    • Partners
                                    • Contact Us
                                    • Legal
                                    Our Mission

                                    We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                                    Subscribe to our Newsletter

                                    Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                                    © 2021 Rubicon Communications, LLC | Privacy Policy