4. Cannot port forward

Cannot port forward

  • T

    I have looked over the forum and internet and I believe I am forwarding things correctly, but when I check the ports via the internet they still read closed.

    My NAT rule is below and the associated firewall rules below that.  I am a NOOB, obviously, so I apologize for the question, but it really seems I have everything set right.  It shouldn't be so complicated.  I am running openVPN and I am not sure if this is causing any issues.  I tried disabling all of it and it seemed to make no difference.  I have tried all different sorts of port numbers and just show 80 below as one example.  None of them have worked.  I have time warner cable and don't know if they block port 80 or not, but as I said I have tried many others including 8080, 8000 and 8088.

    One thing of possible interest is that if I do a port check on my VPN IP address, it shows that port 80 is OPEN.  Is that pertinent?

    If Proto Src. addr Src. ports Dest. addr Dest. ports NAT IP NAT Ports Description
    WAN TCP/UDP * * WAN address 80 (HTTP) Bigdaddy_Laptop 80 (HTTP)

    ID Proto Source Port Destination Port Gateway Queue Schedule Description
    icon IPv4 * EasyRuleBlockHostsWAN * * * *
    icon   IPv4 TCP/UDP * * Bigdaddy_Laptop 80 (HTTP) * none   NAT

    0
  • M

    @theaddies:

    ID Proto Source Port Destination Port Gateway Queue Schedule Description
    icon IPv4 * EasyRuleBlockHostsWAN * * * *
    icon   IPv4 TCP/UDP * * Bigdaddy_Laptop 80 (HTTP) * none   NAT

    Rules apply from the top down. You have your 'EasyRuleBlockHosts' rule in front of your forward for the 'bigdaddy laptop'. Put your blocks at the end of your ruleset, otherwise your allow rules can't be reached before the catchall block gets in the way.

    Also make sure your laptop is using the PFS at it's default gateway, otherwise responses to the port 80 requests won't be routed back out.

    0
  • V

    Have you opened access at the cable modem?

    To ensure, your provider doesn't block incoming traffic take a packet capture at WAN interface (Diagnostic menu > Packet Capture).

    0
  • LAYER 8 Netgate

    And why are you forwarding UDP/80?

    0
  • T

    Thanks for the comments. I removed the EasyRuleBlock and it had no effect.  I was forwarding UDP because I am a dope.  That is changed.  Regarding open access to the modem I wasn't aware I could do anything to it.  I have been tinkering with packet capture and while it works I can't figure out what it will tell me about port 80 or other ports for that matter.  I am quite befuddled about this.

    0
  • T

    I have tried everything I can think of and I cannot for the life of me get port forwarding to work.  Is it possible that it is completely blocked on my modem?  I have time warner cable for internet.  Is there a simple port I can forward and a test to follow to simply confirm that it can be done?

    0
  • LAYER 8 Global Moderator

    So why don't you sniff on your wan.. And then go to somewhere like canyouseeme.or and send traffic on 80.. Do you see the traffic??

    0
  • LAYER 8 Netgate

    You could also try a port less likely to be blocked.

    Just make the dest port something like 8880 and leave the NAT port as 80.

    Then try http://wanipaddress:8880/

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy