Port forwarding not working

coolnicklas

Hi,
I know I am not the only one having this problem. I have tried m0n0wall with similar problem, se this thread:
http://forum.m0n0.ch/index.php/topic,2126.0.html

My Port forwarding settings are:

If        Proto    Ext. port range        NAT IP                            Int. port range
WAN  TCP/UDP    80 (HTTP)        192.168.1.23 ext:xx.xxx.128.76    80 (HTTP)
WAN  TCP          22 (SSH)          192.168.1.23 ext:xx.xxx.128.76    22 (SSH)

And the auto created rules are:
Proto      source    Port    Destination    Port          Gateway
TCP/UDP    *          *      192.168.1.23  80 (HTTP)      *
TCP          *          *      192.168.1.23    22 (SSH)      *

Pinging and trying to access the webserver from internet (outside pfsense) results in following log entries:

15:21:38.951885 IP xx.xxx.128.74.63235 > xx.xxx.128.76.80: tcp 0
15:21:42.489552 IP xx.xxx.128.73 > xx.xxx.128.76: ICMP echo reply, id 53768, seq 0, length 64

I have seen in the system logs that ICMP is blocked, but no HTTP is visible in the logs.

I have no more Ideas for how to solve this.

Any suggestions?

Thanks in advance
Nicklas

coolnicklas

I'm at home know were I've got a DSL connection with dynamic IP, so I reconfigured the WAN interface to use DHCP and now, the same port forwarding rules works.

It must have something to to with the WAN configuration since port forwarding works when WAN is configured with DHCP but not when WAN is configured with a static address.

I guess I must have missed something out.
My exact setup is:

/–----GW1(public IP xx.xxx.128.74)
                                                                                  /
[FDDI-to-ethernet converter] - [unmanaged switch]–--------GW2(public IP xx.xxx.128.75)
                                                                                 
                                                                                    -------GW3(public IP xx.xxx.128.78)
                                                                                     
                                                                                        ___pfsense(public IP xx.xxx.128.77)
                                                                                                                |
                                                                                                                |
                                                                                                        webserver

From my ISP 've got the range from xx.xxx.128.74 to xx.xxx.128.78 and the subnet mask 255.255.255.248

With CIDR notation this would be setting WAN to xx.xxx.128.77/29, right?

/Nicklas

cmb

Do you have outbound access to the Internet when using that static IP? Are you sure something upstream isn't blocking that traffic to the static IP?

Also see http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

/29 is correct for 255.255.255.248

coolnicklas

Outbound traffic works.
I tried the same configuration (same IP, etc) with a Netgear WGT624 router and everything including port forwarding worked. I also called my ISP and asked them to check that everything was properly configured on their side. It's really strange this won't work.