Forwarding ports?



  • Hi,
    So…this is embarrassing..im not sure if there's a glitch in 2.2.2 which i have been reading other threads but coming from ddwrt I know how to port forward and more. The funny thing on pfsense The port 80 i can forward but i cant seem to forward 8080 which is the port to forward ddwrt router. Pfsense if handling the dhcp and the nighthawk router is as an access point working perfect. I tried forwarding the ports on the ddwrt (obviously didn't work just did it for the hell of it) can anyone shed some light?

    Thank you











  • bump


  • LAYER 8 Global Moderator

    And why don't you just put in the IP of nighthawk?  Why do you have an alias in use?  Do you have an IP in the alias or name that is not resolving?

    What is the IP?

    Have you looked and followed https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting



  • Hi,
    Thanks for the reply. I tried without alias the IP was 192.168.1.151 with port 8080 didnt work. Funny thing that all ports listed worked fine but when i tick other and put another port like 85 did not work. I will roll back to 2.1.5 to see if it works tonight and I will keep you posted if anything. I also tried the wiki but I know i can forward those ports because i have another router(ddwrt)  connected to my modem (bridge) and I can forward any port on ddwrt with no problem. Also side note I have two different external IP. I have no idea why.

    Thank you again


  • LAYER 8 Global Moderator

    Your other IP is 192.168.3.1, do you have more than 1 lan segment?

    And have you gone through the doc I linked too - this is no brainer stuff to troubleshoot.  Did you sniff on your wan and the traffic is there, did you sniff on your lan and is the traffic sent?

    Are you trying to forward to the lan IP of your dd-wrt router?  And its also doing nat?  Draw out your network.



  • @killmasta93:

    I will roll back to 2.1.5 to see if it works tonight and I will keep you posted if anything.

    Don't bother, that won't change anything. There's definitely nothing wrong with port forwards in any version.

    Go through the troubleshooting steps listed in the port forward troubleshooting document johnpoz linked. Try to connect from outside, go to Diag>States and filter on :8080. See it there? If not, packet capture on WAN filtering on port 8080. If so, what does the state look like?



  • So here my setup the 192.168.1.1 is completely separate and has no contact with pfSense. Later tonight i will send the information

    Thank you




  • hi so heres the screen shot of the ports
    Im just curious why it does not work for 8080 when i can forward on pfSense port 80 and 443 with no problem

    Thank you





  • LAYER 8 Global Moderator

    So what does a sniff show on the lan of pfsense - does it show it sending the traffic?  Does dd-wrt answer?  Looks like not answering to me.



  • o snap i think your right..i just tried port 22 i unchecked pfSense ssh to test the port then I tick ssh then open the port it worked. Hmm…howcome ddwrt not answering? well..worst case just create a vpn and connect to ddwrt

    THANKS :)



  • The connections are in time wait, which means they were successful at the TCP level bidirectionally, so your port forwards are fine. I presume that's the web interface of the DDWRT, what did you see in a browser trying to browse to :8080 on your IP from outside?



  • i think i need to play with some iptables in ddwrt to make it listen on that port because WAN is disabled on ddwrt



  • o snap…port 80 is also ddwrt internally and 8080 wont work because its for the WAN and its disabled.

    My 2 options are:

    Change port 80 on pfSense which I really dont want to
    or
    find a way to change port 80 on ddwrt
    OR
    is it possible two devices running on the same port (80) be able to port forward (maybe crazy idea)  :P

    Thanks


  • Banned

    There's really nothing preventing you from forwarding 8080 -> 80 or whatever. As a generic note, you'd better get HTTPS working everywhere. Sorry but sending firewall/router credentials in plaintext over internet is a very bad practice.


  • LAYER 8 Global Moderator

    Why anyone would allow public access to their admin gui of anything is beyond me..  If you want to admin dd-wrt while your remote then vpn into pfsense and do it that way.  Then you don't have to forward anything either ;) This is way MORE secure..



  • Thanks johnpoz and doktornotor your completely right. Its better though VPN i guess i got used to ddwrt for a while didn't want to let it go.  :P Just trying to adapt more to pfSense now  :)

    Thank you again


Log in to reply