On Mon, 12 Feb 2018 11:59:09 -0600 Steven Spencer <steven.spen...@kdsi.com> wrote:
> On 02/12/2018 11:43 AM, Marco wrote: > > On Mon, 12 Feb 2018 10:21:08 -0600 > > Steven Spencer <steven.spen...@kdsi.com> wrote: > > > >> On 02/11/2018 03:29 PM, Marco wrote: > >>> On Sun, 11 Feb 2018 20:46:41 +0000 > >>> "Joseph L. Casale" <jcas...@activenetwerx.com> wrote: > >>> > >>>> -----Original Message----- > >>>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of > >>>> Chris L Sent: Sunday, February 11, 2018 1:43 PM > >>>> To: pfSense Support and Discussion Mailing List > >>>> <list@lists.pfsense.org> Subject: Re: [pfSense] Port forwards > >>>> don't work on one machine > >>>> > >>>>> What interface is that taken on? Take one on the interface the > >>>>> destination server is connected to (WLAN?) and test again. While > >>>>> you’re capturing also do another Diagnostics > Test Port from > >>>>> the local pfSense itself. Please include the capture of both > >>>>> events (from outside and using test port.) > >>>>> > >>>>> It looks like the server is not responding. > >>>> I'd also suggest running a capture on the destination, if it's > >>>> actually receiving traffic and/or sending it elsewhere (routing > >>>> rule) this will provide some insight. > >>> I ran a wireshark on the destination and it received packets when > >>> “port testing” from the pfSense, but not when using external > >>> access (e.g. canyouseeme.org) > >>> > >>> Marco > >>> _______________________________________________ > >>> pfSense mailing list > >>> https://lists.pfsense.org/mailman/listinfo/list > >>> Support the project with Gold! https://pfsense.org/gold > >> Marco, > >> > >> Just curious, but what is the target machine's OS? > > The actual server is FreeBSD, but I run the tests with a Linux > > laptop as the behaviour is the same. > > > > Marco > > _______________________________________________ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > I know you've stated that you have no firewall on these machines. So > iptables -L shows empty on the Linux laptop Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination > No selinux in play on the Linux > laptop No selinux in use. > I looked at your screen shots and I can't see anything that leaps > out at me. We have a number of PfSense firewalls in use (15) > within our organization and I've used port forwarding on every one > of them and have never run into a problem-unless the receiving > machine refuses the connection. Same here. Not that I'm a network expert, but I've set up five pfSense installations and port forwarding has always been an easy task which worked by just configuring the NAT rule. If the receiving machine refuses the connection, I would not be able to successfully "port test" it from the pfSense box and I would see incoming packets with wireshark (I believe). Therefore, I suspect an issue with the port forwarding. > I've been bitten by selinux before and more recently, by firewalld. Not installed and (therefore I hope) not used. Thanks for the support and confirming that it's not something obvious. Will investigate later. Marco _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold