Port forwarding in pfSense not working


Solution 1

Your config is correct to send 993 destined to your WAN IP to 10.0.1.2 port 993.

Go through the troubleshooting steps. You can eliminate at least common problems 1, 6, 7, and 10-14 and probably more than that. https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

First I'd filter Diag>States for :993 when trying to connect from the Internet, and see what's there. If nothing, and you're not seeing any 993 blocks in the firewall log, then it's not reaching your WAN (blocked upstream somewhere). If something's there, what does it look like?
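The state-table check described above can also be scripted. This is an added example, not part of the original answer or of pfSense. It assumes you paste in text shaped like `pfctl -ss` output (the sample lines are constructed, and the column layout can differ between pf versions). The result labels and the `blocked_in_log` flag are hypothetical names.

```python
import re

# Constructed sample lines modelled on `pfctl -ss` output (assumed layout).
# 203.0.113.5 stands in for the WAN IP, 198.51.100.7 for the outside client.
SAMPLE_STATES = """\
em0 tcp 10.0.1.2:993 (203.0.113.5:993) <- 198.51.100.7:51234       CLOSED:SYN_SENT
em1 tcp 198.51.100.7:51234 -> 10.0.1.2:993       SYN_SENT:CLOSED
em0 tcp 203.0.113.5:44321 -> 192.0.2.10:443       ESTABLISHED:ESTABLISHED
"""

# interface, endpoints, then "STATE:STATE" as the last column
STATE_RE = re.compile(r"^(\S+)\s+tcp\s+(.*?)\s+(\w+):(\w+)\s*$")


def states_for_port(text, port):
    """Return (iface, endpoints, state_a, state_b) for TCP states touching :port."""
    found = []
    for line in text.splitlines():
        m = STATE_RE.match(line)
        # \b keeps :993 from matching :9930
        if m and re.search(rf":{port}\b", m.group(2)):
            found.append(m.groups())
    return found


def diagnose(states_text, port, blocked_in_log=False):
    """Apply the answer's decision steps to a state dump.

    blocked_in_log: True if the firewall log shows blocks for this port.
    """
    states = states_for_port(states_text, port)
    if not states:
        # No state and no logged block: traffic never reached the WAN.
        return "blocked-by-firewall-rule" if blocked_in_log else "not-reaching-wan"
    pairs = {(a, b) for _, _, a, b in states}
    if any(a == b == "ESTABLISHED" for a, b in pairs):
        return "established"
    if all("SYN_SENT" in p and "CLOSED" in p for p in pairs):
        # The SYN passed through the firewall but no reply was seen.
        return "target-not-answering"
    return "inspect-manually"


if __name__ == "__main__":
    print(diagnose(SAMPLE_STATES, 993))
```

A `target-not-answering` result means the forward itself matched and the problem is on the path to or from 10.0.1.2, not on the WAN side.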

Solution 2

If you add a Proxy ARP virtual IP address, does that make a difference?

Solution 3

NAT reflection is disabled by default, so tests from your internal network are going to fail. From pfSense's Troubleshooting Guide:

Port forwards do not work internally unless NAT reflection has been enabled. Always test port forwards from outside the network, such as from a system in another location, or from a 3G/4G device.

I think I've tripped over this one a few times. Turn off WiFi on your phone, then test with that.

Author: Conor Taylor

Updated on September 18, 2022

Comments

  • Conor Taylor over 1 year

    I recently set up a pfSense router and can't get any port forwarding to work from outside my own LAN.

    I have the following forwarding rule to a local server located at 10.0.1.2: [image]

    Note that if I enable NAT reflection for this rule, then ssh -p 993 user@my-wan-ip works from my LAN, so the rule is having some effect. However it will not work from outside my LAN.

    This is extra strange because I have a rule for ICMP packets that does work: [image]

    If I disable the first rule in the image above, pings will start to fail from outside the network, so I know the firewall is working. However the second rule (the NAT firewall rule that was created when I created the port forwarding) seems to have no effect.

    This worked fine using my old router. Is there anything I could be overlooking here?

    • LUser over 8 years
      Try making the DstAddr to * and in the destination tab there should be a "Redirect target IP" address. Place that IP in that redirection address.
    • Diamond over 8 years
      @Conor Taylor, the rule as seen here is not correct. The Destination should be "WAN address". Change it and see.
    • Chris Buechler over 8 years
      Neither of those comments are correct, all the config shown is fine as is.
    • ADJenks over 3 years
      So, you never picked a correct answer. Did you ever diagnose it? What was the solution?