Netgate Discussion Forum

    Port Forwarding simple question

    General pfSense Questions
    17 Posts 4 Posters 4.1k Views
    • Derelict LAYER 8 Netgate

      Yeah. When you select HTTP you are selecting port 80. If you want to select an arbitrary port number, select Other and the option to enter an arbitrary port number will appear.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • johnpoz LAYER 8 Global Moderator

        So you want to forward remote desktop? 3389, or you changed your port number?

        To be honest, really bad idea to open that to the public net, be it you try and hide the port or not by changing it from default. If you want/need to remote to desktops in your network, much more secure to VPN in and then access whatever services you need.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • garethsnaim

          Hi John.

          Yes, I understand that. I do have VPN enabled but really struggle with it on OpenVPN. I think I will just install Tonido or something similar.

          As it goes, I am not trying to open the remote desktop port. I am trying to open another port. The fact for me is that when I select another port and save the changes, port scanners such as the one from Gibson show it as stealth. So really I don't know what else to do.

          It does not work.

          • Derelict LAYER 8 Netgate

            What, precisely, are you trying to do?

            A description such as "connections to WAN address on TCP 6969 should be forwarded to internal host 192.168.1.100 port TCP 9696"

            • garethsnaim

              Hi.

              On my main server I have IIS set up. I have a couple of websites. At one point I had four. The way I dealt with this was to port forward from my various domain names to ports on the server. So for the sake of argument, website one was on port 7777. On the main server, IIS was set up so that the website was accessed on 7777. On that server I opened the firewall to allow 7777.

              On the router I then go to NAT. In there I create a new rule. The rule is set to allow incoming connections on 7777 (as set on port forward on my domain) to go to the server 192.168.0.4:7777.

              pfSense says that is set. Port checker says it's stealth and I cannot access the website from the domain.

              I can obviously connect to it on Lan on that port.

              I am not sure what else to do.

              • Derelict LAYER 8 Netgate

                Have you gone over EVERYTHING on the list here?

                https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

                (Hint - it's almost ALWAYS something on that list. People just skip checking things because they sound like they couldn't be it but it is. REALLY check everything on that list. If you've already checked it, check it again.)

                Time for some screen shots of your port forward settings and WAN rules.

                • garethsnaim

                  Hello all.

                  I am still struggling with this. It seems straightforward but it's not working for me; everything I do results in a 'stealth' from port checkers and nothing gets through.

                  So I have set up a test. Here is what I put in NAT port forward:

                  And this auto shows in rules:

                  Is there something else I should be doing? I just want certain ports open and incoming from the web on those ports directed to a certain IP on my network. For the life of me it won't work.

                  • Derelict LAYER 8 Netgate

                    That all looks right. Check the local "software" firewall on 192.168.0.97. Check items 2, 3, 4 on 192.168.0.97.

                    • garethsnaim

                      Hi Derelict.

                      According to a couple of online port checkers, that port is stealth, so I don't believe it's anything to do with the server I am pointing to. Besides, the firewall on that is set to allow on that port.

                      • Derelict LAYER 8 Netgate

                        Well your port forward is correct so it's something else. Not sure what to tell you.

                        Sniff on WAN for the traffic coming in on WAN address:60671 then sniff on LAN for traffic to 192.168.0.97:60671.

                        If you don't see the traffic on WAN, something (your ISP) is blocking it. If you don't see the traffic on LAN, your port forward/rules are wrong. If you see the traffic out LAN and no reply, it's something on the server.

                        Diagnostics > Packet Capture

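
Added example, not part of the original posts: the WAN-then-LAN capture check described in the post above, applied in Python to tcpdump-style text lines. The capture lines and the addresses 198.51.100.10 and 203.0.113.5 are constructed for illustration; 192.168.0.97 and port 60671 are the values from the thread.

```python
import re

# One line of `tcpdump -n` text output: "IP src.sport > dst.dport: Flags [S], ..."
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def packets(capture):
    """Yield (src, sport, dst, dport, flags) for each TCP line in a text capture."""
    for line in capture.splitlines():
        m = LINE.search(line)
        if m:
            yield m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]

def syn_to(capture, ip, port):
    """True if the capture holds a bare SYN (connection attempt) to ip:port."""
    return any(d == ip and dp == port and f == "S"
               for _, _, d, dp, f in packets(capture))

def diagnose(wan_cap, lan_cap, wan_ip, host_ip, port):
    """Walk the three checks in order: WAN arrival, LAN forward, server reply."""
    if not syn_to(wan_cap, wan_ip, port):
        return "not seen on WAN: blocked upstream (ISP)"
    if not syn_to(lan_cap, host_ip, port):
        return "seen on WAN, not on LAN: port forward/rules are wrong"
    replied = any(s == host_ip and sp == port for s, sp, _, _, _ in packets(lan_cap))
    if not replied:
        return "forwarded out LAN, no reply: something on the server"
    return "server replied: the forward itself works"

# Constructed sample data: 198.51.100.10 (WAN) and 203.0.113.5 (tester) are
# documentation addresses; 192.168.0.97 and port 60671 are from the thread.
WAN_IP, HOST_IP, PORT = "198.51.100.10", "192.168.0.97", 60671
WAN_CAP = (
    "12:00:01.000100 IP 203.0.113.5.51514 > 198.51.100.10.60671: Flags [S], seq 1, win 65535, length 0\n"
    "12:00:02.000100 IP 203.0.113.5.51514 > 198.51.100.10.60671: Flags [S], seq 1, win 65535, length 0\n"
)
LAN_SILENT = (  # SYN is forwarded to the host, but the host never answers
    "12:00:01.000300 IP 203.0.113.5.51514 > 192.168.0.97.60671: Flags [S], seq 1, win 65535, length 0\n"
)
LAN_OK = LAN_SILENT + (
    "12:00:01.000500 IP 192.168.0.97.60671 > 203.0.113.5.51514: Flags [S.], seq 9, ack 2, win 65535, length 0\n"
)

if __name__ == "__main__":
    print(diagnose(WAN_CAP, LAN_SILENT, WAN_IP, HOST_IP, PORT))
```
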
                        • garethsnaim

                          I'll try. Not great at this stuff!

                          I checked in 'show states'; there is no evidence of that port being used, and I tried the port checker using my phone on 4G.

                          I might take this opportunity to install a smaller PC I have and start again. I really think something has gone pear-shaped.

                          For instance, when I first set up pfSense, 'back to mac', a Mac-only sort of VPN thing, worked great. Without changing anything, that no longer works. Also I gave up entirely on OpenVPN; it worked for a little while, but no longer.

                          I need to sort it; my son wants his Minecraft server to share with his mates.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.