Double router port forwarding not working



  • Hello, I am a newbie and I tried to search for the solution for my problem, I was not able to.
    Here is my setup:

    Internet
        |
    ISP Router (public IP = 63.x.x.x & all ports are forwarded to private IP = 10.0.0.5) - I do not have access to this router.
        |
    pfSense (WAN of static IP = 10.0.0.5 and LAN = 192.168.0.1)
        |
    PC (IP = 192.168.0.11 and the port 873 listener is running)

    From the pfSense box, I created a NAT port forward (i.e., port 873) and an associated filter rule was added successfully.
    However, when I ran "Test Port" from an external pfSense box for port 873, I got an error,
    "Connection failed (Refused/Timeout)".
    By the way, when running "Test Port", I did use the public IP, 63.x.x.x.

    Thank you so much in advance for your help!



  • I would guess you need to turn off the option "Block private networks" in Interfaces->WAN setup screen.



  • Thanks much kpa, I just tried your suggestion but I am still getting the same error, "Connection failed (Refused/Timeout)".
    Is there a setting in pfSense where I can map the ISP's public IP (63.x.x.x) to private IP (10.0.0.5) - which is the WAN IP of the pfSense box?


  • Netgate

    That won't help you. The best solution is to get rid of the ISP router as an IP hop and put it into bridge mode.

    Since you apparently cannot do that you seem to be taking the next-best option by trying to forward all traffic to pfSense.

    I would run a packet capture on pfSense WAN filtering on port 873 and run the test again. If you do not see the traffic, the upstream router is not forwarding it to you and there's nothing you can do on pfSense until that is fixed.

    List of things to check here:

    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting



  • Thanks much Derelict, I will try what you suggest.
    Thanks again.