Just to double check the config, so the pfSense router is set as the DMZ of the ISP router? Have you tried deleting the rule and re-adding?
--
Steve Yates
ITS, Inc.
-----Original Message-----
From: List [mailto:list-***@lists.pfsense.org] On Behalf Of Marco
Sent: Sunday, February 11, 2018 1:13 PM
To: ***@lists.pfsense.org
Subject: [pfSense] Port forwards don't work on one machine
Hi,
I have set up port forwarding multiple times in the past and it has always
worked. But I now have a machine that fails to forward a port. No clue why.
Maybe I'm missing the obvious here.
My network:
Internet -> ISP provided “NAT device” -> pfSense (2.4.2-RELEASE-p1)
For debugging purposes I simplified the setup, turned off IDS, pfBlockerNG,
used IPs instead of aliases.
1) The port forward from the WAN to 10.0.30.21 is set up.
2) A corresponding WAN rule is created as well:
On another machine this already is enough to get it working. But not on this
one. Nmap shows “filtered”.
3) Confirming the port 8000 is actually open on 10.0.30.21:
Yes, it is.
4) Now testing from the external IP:
Nope!
Again using an external service:
No, James!
5) States:
6) Packet capture:
https://i.imgur.com/xT3qFXW.png
I read: https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
Common Problems
1. NAT and firewall rules not correctly added (see How can I forward ports with pfSense?)
I guess it's all correct, works on another machine.
Hint: Do NOT set a source port
not set
2. Firewall enabled on client machine
nope
3. Client machine is not using pfSense as its default gateway
pfSense is the default gateway
4. Client machine not actually listening on the port being forwarded
It is, see
https://i.imgur.com/KcaSP6T.png
5. ISP or something upstream of pfSense is blocking the port being forwarded
I guess the states table and packet capture should be empty if that's the
case, right?
6. Trying to test from inside the local network, need to test from an outside machine
Tested both, see
https://i.imgur.com/QnWQuIO.png
https://i.imgur.com/v4KaivE.png
7. Incorrect or missing Virtual IP configuration for additional public IP addresses
No clue, haven't configured anything virtual.
8. The pfSense router is not the border router. If there is something else between pfSense and the ISP, the port forwards and associated rules must be replicated there.
True, pfSense is not the border router, ISP provided “NAT gateway” is. Device
is configured to forward everything to the pfSense box, though.
9. Forwarding ports to a server behind a Captive Portal. An IP bypass must be added both to and from the server's IP in order for a port forward to work behind a Captive Portal.
nope
10. If this is on a WAN that is not the default gateway, make sure there is a gateway chosen on this WAN interface, or the firewall rules for the port forward would not reply back via the correct gateway.
WAN is default gateway
11. If this is on a WAN that is not the default gateway, ensure the traffic for the port forward is NOT passed in via Floating Rules or an Interface Group. Only rules present on the WAN's interface tab under Firewall Rules will have the reply-to keyword to ensure the traffic responds properly via the expected gateway.
didn't configure floating rules
12. If this is on a WAN that is not the default gateway, make sure the firewall rule(s) allowing the traffic in do not have the box checked to disable reply-to.
not the case
13. If this is on a WAN that is not the default gateway, make sure the master reply-to disable switch is not checked under System > Advanced, on the Firewall/NAT tab.
not the case
14. WAN rules should NOT have a gateway set, so make sure that the rules for the port forward do NOT have a gateway configured on the actual rule.
see
https://i.imgur.com/N7ulwha.png
15. If the traffic appears to be forwarding in to an unexpected device, it may be happening due to UPnP. Check Status > UPnP to see if an internal service has configured a port forward unexpectedly. If so, disable UPnP on either that device or on the firewall.
UPnP is not used
I guess I'm missing the obvious here, since port forwards are rather
straightforward in pfSense and have never given me troubles in the past. A
nudge in the right direction is appreciated.
Marco
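One way to turn the packet-capture step and the checklist above into a repeatable check, as an added example that is not part of the original thread: compare `tcpdump -n` text output taken on the pfSense WAN and LAN interfaces and report where the TCP handshake for the forwarded port stops. The capture lines are constructed, 192.0.2.10 stands in for the WAN address, the forward is assumed to keep port 8000 on both sides, and the mapping to checklist item numbers is this example's own reading of the list.

```python
import re

# Matches tcpdump -n TCP lines: "IP src.sport > dst.dport: Flags [S], ..."
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def events(capture, port):
    """Return which handshake packets for `port` appear in a capture."""
    seen = set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sport, dport, flags = int(m.group(2)), int(m.group(4)), m.group(5)
        if dport == port and flags == "S":
            seen.add("syn")        # client -> server
        elif sport == port and flags == "S.":
            seen.add("synack")     # server -> client
        elif sport == port and "R" in flags:
            seen.add("rst")        # server refused the connection
    return seen

def localize(wan, lan, port):
    """Map WAN/LAN observations to checklist items (mapping is an assumption)."""
    w, l = events(wan, port), events(lan, port)
    if "syn" not in w:
        return "upstream: SYN never reaches WAN (items 5, 8)"
    if "syn" not in l:
        return "pfSense: SYN on WAN, not forwarded to LAN (item 1)"
    if "rst" in l:
        return "server: connection refused (item 4)"
    if "synack" not in l:
        return "server: SYN delivered, no reply seen (items 2, 3)"
    if "synack" not in w:
        return "pfSense: reply does not leave WAN (items 10-14)"
    return "ok: handshake crosses both interfaces"

# Constructed sample captures (not taken from the thread).
WAN = """\
13:05:01.000100 IP 198.51.100.7.51514 > 192.0.2.10.8000: Flags [S], seq 1, win 64240, length 0
13:05:02.000300 IP 198.51.100.7.51514 > 192.0.2.10.8000: Flags [S], seq 1, win 64240, length 0
"""
LAN = """\
13:05:01.000200 IP 198.51.100.7.51514 > 10.0.30.21.8000: Flags [S], seq 1, win 64240, length 0
13:05:02.000400 IP 198.51.100.7.51514 > 10.0.30.21.8000: Flags [S], seq 1, win 64240, length 0
"""

if __name__ == "__main__":
    print(localize(WAN, LAN, 8000))
```

A retransmitted SYN visible on both interfaces with no SYN-ACK on the LAN side points at the target host or its return path rather than at the NAT rule.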