Netgate Discussion Forum

    Cannot port forward

      theaddies

      I have looked over the forum and internet and I believe I am forwarding things correctly, but when I check the ports via the internet they still read closed.

      My NAT rule is below and the associated firewall rules below that. I am a NOOB, obviously, so I apologize for the question, but it really seems I have everything set right. It shouldn't be so complicated. I am running OpenVPN and I am not sure if this is causing any issues. I tried disabling all of it and it seemed to make no difference. I have tried all different sorts of port numbers and just show 80 below as one example. None of them have worked. I have Time Warner Cable and don't know if they block port 80 or not, but as I said I have tried many others including 8080, 8000 and 8088.

      One thing of possible interest is that if I do a port check on my VPN IP address, it shows that port 80 is OPEN.  Is that pertinent?

      If Proto Src. addr Src. ports Dest. addr Dest. ports NAT IP NAT Ports Description
      WAN TCP/UDP * * WAN address 80 (HTTP) Bigdaddy_Laptop 80 (HTTP)

      ID Proto Source Port Destination Port Gateway Queue Schedule Description
      icon IPv4 * EasyRuleBlockHostsWAN * * * *
      icon   IPv4 TCP/UDP * * Bigdaddy_Laptop 80 (HTTP) * none   NAT

        muswellhillbilly

        @theaddies:

        ID Proto Source Port Destination Port Gateway Queue Schedule Description
        icon IPv4 * EasyRuleBlockHostsWAN * * * *
        icon   IPv4 TCP/UDP * * Bigdaddy_Laptop 80 (HTTP) * none   NAT

        Rules apply from the top down. You have your 'EasyRuleBlockHosts' rule in front of your forward for the 'bigdaddy laptop'. Put your blocks at the end of your ruleset, otherwise your allow rules can't be reached before the catchall block gets in the way.

        Also make sure your laptop is using the PFS as its default gateway, otherwise responses to the port 80 requests won't be routed back out.

          viragomann

          Have you opened access at the cable modem?

          To ensure your provider doesn't block incoming traffic, take a packet capture at the WAN interface (Diagnostic menu > Packet Capture).

            Derelict LAYER 8 Netgate

            And why are you forwarding UDP/80?

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

              theaddies

              Thanks for the comments. I removed the EasyRuleBlock and it had no effect. I was forwarding UDP because I am a dope. That is changed. Regarding open access to the modem, I wasn't aware I could do anything to it. I have been tinkering with packet capture and while it works I can't figure out what it will tell me about port 80 or other ports for that matter. I am quite befuddled about this.

                theaddies

                I have tried everything I can think of and I cannot for the life of me get port forwarding to work. Is it possible that it is completely blocked on my modem? I have Time Warner Cable for internet. Is there a simple port I can forward and a test to follow to simply confirm that it can be done?

                  johnpoz LAYER 8 Global Moderator

                  So why don't you sniff on your WAN.. And then go to somewhere like canyouseeme.org and send traffic on 80.. Do you see the traffic??

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11
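
How to read the WAN capture suggested above, as an added example that is not part of the original thread: the function classifies tcpdump-style text captured on WAN while an outside port checker probes the forwarded port. The addresses, the capture lines and the `diagnose` helper are constructed for illustration, and the line format assumes `tcpdump -n` style output.

```python
import re

# One tcpdump -n style line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [..], ..."
LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\]"
)

def diagnose(capture_text, wan_ip, port):
    """Classify a WAN-side capture taken while an external checker probes wan_ip:port."""
    syn_in = synack_out = rst_out = 0
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        inbound = m["dst"] == wan_ip and int(m["dport"]) == port
        outbound = m["src"] == wan_ip and int(m["sport"]) == port
        if inbound and m["flags"] == "S":
            syn_in += 1                      # probe reached the WAN interface
        elif outbound and m["flags"] == "S.":
            synack_out += 1                  # forwarded host answered
        elif outbound and "R" in m["flags"]:
            rst_out += 1                     # connection actively refused
    if syn_in == 0:
        return "no-syn-at-wan"    # never arrived: blocked upstream (ISP/modem) or wrong IP tested
    if synack_out:
        return "forward-works"
    if rst_out:
        return "refused"          # traffic arrives, but nothing accepts it on that port
    return "syn-unanswered"       # arrives, no reply: rule order, NAT target, host's default gateway

# Constructed sample captures (documentation address ranges, not real hosts).
WAN, PORT = "198.51.100.7", 80
BLOCKED_UPSTREAM = """\
10:00:01.100000 IP 198.51.100.7.40112 > 192.0.2.53.443: Flags [S], seq 1, win 65228, length 0
"""
RULES_OR_HOST = """\
10:00:01.100000 IP 203.0.113.50.51234 > 198.51.100.7.80: Flags [S], seq 7, win 64240, length 0
10:00:02.100000 IP 203.0.113.50.51234 > 198.51.100.7.80: Flags [S], seq 7, win 64240, length 0
"""
WORKING = """\
10:00:01.100000 IP 203.0.113.50.51234 > 198.51.100.7.80: Flags [S], seq 7, win 64240, length 0
10:00:01.101000 IP 198.51.100.7.80 > 203.0.113.50.51234: Flags [S.], seq 9, ack 8, win 65160, length 0
"""

if __name__ == "__main__":
    for name, cap in [("blocked", BLOCKED_UPSTREAM), ("unanswered", RULES_OR_HOST), ("ok", WORKING)]:
        print(name, "->", diagnose(cap, WAN, PORT))
```
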

                    Derelict LAYER 8 Netgate

                    You could also try a port less likely to be blocked.

                    Just make the dest port something like 8880 and leave the NAT port as 80.

                    Then try http://wanipaddress:8880/
