Author Topic: Can't forward port  (Read 130 times)

Offline amello

Can't forward port
« on: September 12, 2017, 10:09:48 pm »
Version   2.3.4-RELEASE-p1 (amd64)
FreeBSD 11.01 bhyve VM
Trying to open 32400 for Plex.
NAT enabled for Plex LAN IP
Server's ports are open:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:32400           0.0.0.0:*               LISTEN      3551/Plex Media Ser

pf can see port open: Port test to host: 10.10.10.33 Port: 32400 successful.

External port test fails: Port 32400 Timed-Out

Any ideas?

Thanks!



Offline KOM

Re: Can't forward port
« Reply #1 on: September 13, 2017, 12:26:55 pm »
Have you added the required firewall rule to allow the traffic?  The NAT only defines it.  Have you gone through these?

https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

Offline amello

Re: Can't forward port
« Reply #2 on: September 13, 2017, 12:50:59 pm »
> Have you added the required firewall rule to allow the traffic?  The NAT only defines it.  Have you gone through these?
>
> https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense
>
> https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

Yes, I have.

In fact, I later moved the server to a spare public IP for testing, created a 1-to-1 to its LAN IP, and WAN rules to forward the port to that IP. The server connected, but can't see the IPs, so it might be something on the FreeBSD host interface configuration.

Moving pf to a bare metal box to bypass any FreeBSD host configuration.

Online johnpoz

Re: Can't forward port
« Reply #3 on: September 13, 2017, 01:30:04 pm »
What??  You went through the troubleshooting doc and did a sniff showing the traffic hitting pfsense wan and then being forwarded on?  When does it fail?  Post up your wan rules that should have been created when you created your port forward.

Yes, you have to worry about any host firewalls running. It's quite possible that host blocks traffic from outside its own segment, etc.

Offline amello

Re: Can't forward port
« Reply #4 on: September 13, 2017, 03:59:36 pm »
> What??  You went through the troubleshooting doc and did a sniff showing the traffic hitting pfsense wan and then being forwarded on?  When does it fail?  Post up your wan rules that should have been created when you created your port forward.
>
> Yes, you have to worry about any host firewalls running. It's quite possible that host blocks traffic from outside its own segment, etc.

Let me clarify :)

Yes, added the firewall rule to NAT the port and did the troubleshoot. Nothing hitting my WAN as far as I can see. Moved pf out of the VM today to test again and same results. Either I don't know how to see the logs or nothing is hitting my WAN on that port.

All other ports are working fine, but they are on 1-to-1 NAT from Public IPs to LAN IPs. I'm moving Plex to a spare public IP to see.

Offline amello

Re: Can't forward port
« Reply #5 on: September 13, 2017, 06:17:14 pm »
FOUND IT!

For future reference, u-verse 5268AC has a firewall at IP level under LAN IP Address Allocation. Disabled it and pf took over.
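
The sniff-and-compare step discussed in this thread, as an added example that is not part of the original posts: it reads `tcpdump -n` text captured on the pfSense WAN and LAN interfaces while the external port test runs, and names the hop where the forward to port 32400 stops. The function names, the sample lines and every address except 10.10.10.33 are constructed for illustration.

```python
import re

# Fields needed from a `tcpdump -n` TCP line: src.port > dst.port: Flags [..]
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed sample lines (not taken from the thread); 203.0.113.7 and
# 198.51.100.20 are documentation addresses standing in for client and WAN IP.
WAN_SYN = ("12:00:01.000001 IP 203.0.113.7.51514 > 198.51.100.20.32400: "
           "Flags [S], seq 1, win 64240, length 0")
LAN_SYN = ("12:00:01.000050 IP 203.0.113.7.51514 > 10.10.10.33.32400: "
           "Flags [S], seq 1, win 64240, length 0")


def handshake_seen(capture, port):
    """Return (syn_seen, synack_seen) for connections to `port`."""
    syn = synack = False
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if m["flags"] == "S" and int(m["dport"]) == port:
            syn = True       # client SYN heading for the service
        elif m["flags"] == "S." and int(m["sport"]) == port:
            synack = True    # SYN-ACK coming back from the service
    return syn, synack


def locate_failure(wan_capture, lan_capture, port):
    """Name the hop where an inbound port forward stops."""
    wan_syn, wan_synack = handshake_seen(wan_capture, port)
    lan_syn, lan_synack = handshake_seen(lan_capture, port)
    if not wan_syn:
        return "upstream: nothing reaches the pfSense WAN (modem/gateway or ISP)"
    if not lan_syn:
        return "pfsense: SYN on WAN is not forwarded (check NAT and WAN rule)"
    if not lan_synack:
        return "host: SYN reaches the LAN, server does not answer (host firewall)"
    if not wan_synack:
        return "return path: server answers, reply never leaves the WAN"
    return "ok: handshake crosses both interfaces"


if __name__ == "__main__":
    # The thread's outcome: external test running, WAN capture stays empty.
    print(locate_failure("", "", 32400))
    print(locate_failure(WAN_SYN, LAN_SYN, 32400))
```

An "upstream" verdict matches what this thread ended with: the filtering sat on the device in front of pfSense, so no NAT or rule change on pfSense could have fixed it.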