Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Double router port forwarding not working

    Scheduled Pinned Locked Moved NAT
    5 Posts 3 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dragon64
      last edited by

      Hello, I am a newbie and I tried to search for the solution for my problem, I was not able to.
      Here is my setup:

      Internet
          |
      ISP Router (public IP = 63.x.x.x & all ports are forwarded to private IP = 10.0.0.5) - I do not have access to this router.
          |
      pfSense (WAN of static IP = 10.0.0.5 and LAN = 192.168.0.1)
          |
      PC (IP = 192.168.0.11 and the port 873 listener is running)

      From the pfSense box, I created a NAT port forward (i.e., port 873) and an associated filter rule was added successfully.
      However, when I ran "Test Port" from an external pfSense box for port 873, I got an error,
      "Connection failed (Refused/Timeout)".
      By the way, when running "Test Port", I did use the public IP, 63.x.x.x.

      Thank you so much in advance for your help!

      1 Reply Last reply Reply Quote 0
      • K
        kpa
        last edited by

        I would guess you need to turn off the option "Block private networks" in Interfaces->WAN setup screen.

        1 Reply Last reply Reply Quote 0
        • D
          dragon64
          last edited by

          Thanks much kpa, I just tried your suggestion but I am still getting the same error, "Connection failed (Refused/Timeout)".
          Is there a setting in pfSense where I can map the ISP's public IP (63.x.x.x) to private IP (10.0.0.5) - which is the WAN IP of the pfSense box?

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            That won't help you. The best solution is to get rid of the ISP router as an IP hop and put it into bridge mode.

            Since you apparently cannot do that you seem to be taking the next-best option by trying to forward all traffic to pfSense.

            I would run a packet capture on pfSense WAN filtering on port 873 and run the test again. If you do not see the traffic, the upstream router is not forwarding it to you and there's nothing you can do on pfSense until that is fixed.

            List of things to check here:

            https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • D
              dragon64
              last edited by

              Thanks much Derelict, I will try what you suggest.
              Thanks again.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.