    Port Forwarding simple question

    • G
      garethsnaim last edited by

      Hi.

      I hate being a moron, I really do, but I have not been able to set up a simple port forwarding. For all intents and purposes my router is 'stock'. All I want to do is forward a port to direct to my server. For the life of me I cannot get it to work.

      I have created a port forward rule in NAT, with my server addy being destination. Clicked save, but according to a port checker online it's stealth. I don't know what to do next, I just want one port opened.

      Cheers

      • ptt
        ptt Rebel Alliance last edited by

        https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

        • johnpoz
          johnpoz LAYER 8 Global Moderator last edited by

          Is your pfsense behind a NAT, i.e. is its WAN 10.x.x.x, 192.168.x.x or 172.16-31.x.x (rfc1918)? If so, then the traffic you want to forward is most likely never getting to pfsense to forward. You have to forward the port(s) on the device in front of pfsense.

          This is a common issue - gone over in the troubleshooting doc listed.

          Another real common mistake is the traffic is being forwarded, but the server firewall is blocking the traffic with its software firewall.

          • G
            garethsnaim last edited by

            I'll take a look at the troubleshooting guide in depth later. If it's anything like the instructions for setting up a port forward I will probably be in trouble.

            I have half an understanding. My WAN IP is dynamic so I have a dyns set up which I know works. The domain name I have web forwarded to that address with the port I need at the end; in the past this worked just fine with an Asus router.

            The server firewall is set to allow the port connection and the IIS server is expecting that port for the website I want it for.

            So it's just a case of getting my head around port forwarding on the pfsense. It's somewhat more complicated than consumer router software.

            • johnpoz
              johnpoz LAYER 8 Global Moderator last edited by

              "It's somewhat more complicated than consumer router software."

              How is that? You fill out your port and IP on a GUI = DONE!! How is that any different or harder or more complicated in any way than your soho router??

              New port forward
              pick port from dropdown, or put in the port
              put in IP of machine to forward to
              pick port to send to machine - normally always going to be the same as the first drop down

              Takes all of 10 seconds at most..

              clickity clickity port open… How is that really any different than, say, Linksys.. In that example it doesn't let you pick sending to a different port.. Just because it takes options away from the user doesn't make it easier..

              In your typical forward in pfsense all that is required is the port port and IP.. leave everything else at default..






              • G
                garethsnaim last edited by

                Hi, I notice in your first image that you can edit destination port ranges. On mine, if I select HTTP in the pop-up box (or MS RDP, which is another I am trying to fix), I am not able to enter the port in the box to the side, which is coloured dark red.

                • Derelict
                  Derelict LAYER 8 Netgate last edited by

                  Yeah. When you select HTTP you are selecting port 80. If you want to select an arbitrary port number, select other and the option to enter an arbitrary port number will appear.

                  • johnpoz
                    johnpoz LAYER 8 Global Moderator last edited by

                    So you want to forward remote desktop? 3389, or you changed your port number?

                    To be honest, really bad idea to open that to the public net.. be it you try and hide the port or not by changing it from default. If you want/need to remote to desktops in your network, much more secure to VPN in and then access whatever services you need.

                    • G
                      garethsnaim last edited by

                      Hi John.

                      Yes, I understand that. I do have VPN enabled but really struggle with it on OpenVPN. I think I will just install Tonido or something similar.

                      As it goes I am not trying to open remote desktop port. I am trying to open another port. Fact for me is when I select another port and save the changes, port scanners such as from Gibson show it as stealth. So really I don't know what else to do.

                      It does not work.

                      • Derelict
                        Derelict LAYER 8 Netgate last edited by

                        What, precisely, are you trying to do?

                        A description such as "connections to WAN address on TCP 6969 should be forwarded to internal host 192.168.1.100 port TCP 9696"

                        • G
                          garethsnaim last edited by

                          Hi.

                          On my main server I have IIS set up. I have a couple of websites. At one point I had four. The way I dealt with this was to port forward from my various domain names to ports on the server. So for the sake of argument website one was on port 7777. On the main server the IIS was set up so that the website was accessed on 7777. On that server I opened the firewall to allow 7777.

                          On the router I then go to NAT. In there I create a new rule. The rule is set to allow incoming connections on 7777 (as set on port forward on my domain) to go to the server 192.168.0.4:7777

                          pfSense says that is set. Port checker says it's stealth and I cannot access the website from the domain.

                          I can obviously connect to it on LAN on that port.

                          I am not sure what else to do.

                          • Derelict
                            Derelict LAYER 8 Netgate last edited by

                            Have you gone over EVERYTHING on the list here?

                            https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

                            (Hint - it's almost ALWAYS something on that list. People just skip checking things because they sound like they couldn't be it but it is. REALLY check everything on that list. If you've already checked it, check it again.)

                            Time for some screen shots of your port forward settings and WAN rules.

                            • G
                              garethsnaim last edited by

                              Hello all.

                              I am still struggling with this. It seems straightforward but it's not working for me. Everything I do results in a 'stealth' from port checkers and nothing gets through.

                              So I have set up a test. Here is what I put in NAT port forward:

                              And this auto shows in rules:

                              Is there something else I should be doing? I just want certain ports open and incoming from the web on those ports directed to a certain IP on my network. For the life of me it won't work.

                              • Derelict
                                Derelict LAYER 8 Netgate last edited by

                                That all looks right. Check the local "software" firewall on 192.168.0.97. Check items 2, 3, 4 on 192.168.0.97.

                                • G
                                  garethsnaim last edited by

                                  Hi Derelict.

                                  According to a couple of online port checkers, that port is stealth, so I don't believe it's anything to do with the server I am pointing to. Besides, the firewall on that is set to allow on that port.

                                  • Derelict
                                    Derelict LAYER 8 Netgate last edited by

                                    Well your port forward is correct so it's something else. Not sure what to tell you.

                                    Sniff on WAN for the traffic coming in on WAN address:60671 then sniff on LAN for traffic to 192.168.0.97:60671.

                                    If you don't see the traffic on WAN, something (your ISP) is blocking it. If you don't see the traffic on LAN, your port forward/rules are wrong. If you see the traffic out LAN and no reply, it's something on the server.

                                    Diagnostics > Packet Capture

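Added example, not part of the original thread: the capture-and-compare procedure Derelict describes above, applied to `tcpdump -n` style text taken on the WAN and LAN interfaces, with johnpoz's earlier RFC 1918 check folded into the first step. The function names, the assumed capture text format and the sample lines are assumptions made for illustration; the WAN and client addresses are documentation-range placeholders, while 192.168.0.97 and port 60671 are the values used in the thread.

```python
import ipaddress
import re

# The three ranges named in the thread (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# One TCP line of `tcpdump -n` text output (assumed capture format):
#   <time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ...
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def parse(capture):
    """Return (src, sport, dst, dport, flags) for every TCP line in the text."""
    rows = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            rows.append((src, int(sport), dst, int(dport), flags))
    return rows

def diagnose(wan_capture, lan_capture, wan_ip, server_ip, port):
    """Locate the fault: upstream of pfSense, in pfSense, or on the server."""
    wan, lan = parse(wan_capture), parse(lan_capture)
    # Step 1: did a SYN for the forwarded port ever arrive on WAN?
    if not any(d == wan_ip and dp == port and f == "S" for _, _, d, dp, f in wan):
        addr = ipaddress.ip_address(wan_ip)
        if any(addr in net for net in RFC1918):
            return "upstream: WAN is RFC 1918, forward the port on the device in front"
        return "upstream: nothing arrived on WAN, something (your ISP) is blocking it"
    # Step 2: was it translated and sent out LAN to the server?
    if not any(d == server_ip and dp == port and f == "S" for _, _, d, dp, f in lan):
        return "pfsense: seen on WAN but not on LAN, port forward/rules are wrong"
    # Step 3: did the server answer with a SYN-ACK ("S." in tcpdump)?
    if not any(s == server_ip and sp == port and f == "S." for s, sp, _, _, f in lan):
        return "server: seen on LAN with no reply, check the server and its firewall"
    return "ok: the server answered the forwarded connection"

# Constructed sample captures (WAN/client IPs are documentation addresses).
WAN_SAMPLE = "12:00:01.000 IP 203.0.113.50.51515 > 198.51.100.7.60671: Flags [S], seq 1, win 65535, length 0"
LAN_SAMPLE = "12:00:01.001 IP 203.0.113.50.51515 > 192.168.0.97.60671: Flags [S], seq 1, win 65535, length 0"

if __name__ == "__main__":
    print(diagnose(WAN_SAMPLE, LAN_SAMPLE, "198.51.100.7", "192.168.0.97", 60671))
```

A reset from the server (`R` or `R.` flags) is deliberately not counted as success, since it means the packet arrived but nothing accepted the connection on that port.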
                                    • G
                                      garethsnaim last edited by

                                      I'll try. Not great at this stuff!

                                      I checked in 'show states', there is no evidence of that port being used, and I tried the port checker using my phone on 4G.

                                      I might take this opportunity to install a smaller PC I have and start again, I really think something has gone pear shaped.

                                      For instance, when I first set up pfSense, 'back to mac', a Mac-only sort of VPN thing, worked great; without changing anything that no longer works, and also I gave up entirely on OpenVPN, it worked for a little while, but no longer.

                                      I need to sort it, my son wants his Minecraft server to share with his mates.
