Most recent edit on 2007-09-24 02:08:53 by ChrisBuechler
Additions:
moved to: pfSense Port Forward Troubleshooting
Deletions:
Port forwarding troubleshooting
- First, delete any firewall rules or NAT rules that you created.
- If your WAN address space lies in a private IP network (10.0.0.0, 192.168, etc.), then ensure that Interfaces -> WAN -> "Block private networks" and "Block bogons" are UNCHECKED.
- Next, make sure the host behind the firewall that you are forwarding to uses pfSense as its default gateway.
- Now go to Firewall -> NAT -> Port Forward and click +.
- Pick the interface (generally WAN), select the protocol, and fill in the source and destination port. Also select the firewall IP and enter the private IP address in the "NAT IP" box. Note: Normally you will NOT use "any". Pick a real IP.
- Ensure that the "Auto-add a firewall rule to permit traffic through this NAT rule" option is checked.
- Click Save, and on the next screen click Apply.
Test your port forward from the WAN interface. If you are trying to access the port forward from the LAN interface, then you need to:
- Change the webConfigurator to a non-standard port in System -> General (very important if you're serving HTTP and the webConfigurator is listening on HTTP).
- Make sure you did not use "any" as the "External address" in the NAT port forward.
- Activate Reflection in System -> Advanced.
Additional Troubleshooting
If none of the above resolves your issue, go to Firewall -> Rules, edit the rule that permits the port-forwarded traffic, and check the Log box. Save and apply changes. Try accessing the port forward again from the Internet, then check your firewall logs (Status -> System Logs, Firewall tab). If the traffic is reaching your firewall and your rule is configured properly, it will be logged as passed. If the rule is incorrect, you will see the traffic being dropped in your firewall log.
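The log check described above can be scripted once the firewall log has been copied off the box. The following is an added example, not part of the original page or of pfSense itself: the line pattern is an assumed tcpdump-style shape, the sample lines are constructed, and diagnose() and verdict() are hypothetical helper names.

```python
import ipaddress
import re

# Assumed line shape (tcpdump-style pf log text); adjust to your own log output.
LINE = re.compile(
    r"(?P<action>pass|block) in on \S+: "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = """\
Sep 24 02:10:11 fw pf: rule 58/0(match): pass in on wan0: 203.0.113.5.51234 > 192.168.1.10.80: S
Sep 24 02:10:15 fw pf: rule 2/0(match): block in on wan0: 10.20.30.40.40000 > 192.168.1.10.80: S
Sep 24 02:10:19 fw pf: rule 60/0(match): block in on wan0: 198.51.100.7.40111 > 192.168.1.10.8080: S
Sep 24 02:10:22 fw pf: rule 58/0(match): pass in on wan0: 203.0.113.9.51300 > 192.168.1.10.80: S
"""

def diagnose(log_text, nat_ip, port):
    """Count passed/blocked log entries for traffic to the forward target."""
    target = ipaddress.ip_address(nat_ip)
    counts = {"passed": 0, "blocked": 0, "blocked_private_src": 0}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        # pf translates the destination before filtering, so the log shows
        # the internal NAT IP rather than the WAN address.
        if ipaddress.ip_address(m["dst"]) != target or int(m["dport"]) != port:
            continue
        if m["action"] == "pass":
            counts["passed"] += 1
            continue
        counts["blocked"] += 1
        if any(ipaddress.ip_address(m["src"]) in net for net in RFC1918):
            counts["blocked_private_src"] += 1
    return counts

def verdict(counts):
    """Map the counts onto the checks listed on this page."""
    if not (counts["passed"] or counts["blocked"]):
        return "nothing logged: traffic is not reaching the firewall"
    if counts["blocked_private_src"]:
        return "private source blocked: check 'Block private networks' on WAN"
    if counts["blocked"]:
        return "blocked: the firewall rule does not match this traffic"
    return "passed: check the target host (default gateway, service)"
```

Call verdict(diagnose(log_text, "NAT IP", port)) with the private address and port of your own forward; an empty result only means something if the Log box is checked on the rule.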
Oldest known version of this page was edited on 2007-08-18 23:17:47 by ChrisBuechler