What is the default gateway of the destination (is there a route back to pfSense)?
- Jim On Mon, Feb 12, 2018 at 1:46 PM, Marco <li...@homerow.info> wrote: > On Mon, 12 Feb 2018 11:59:09 -0600 > Steven Spencer <steven.spen...@kdsi.com> wrote: > > > On 02/12/2018 11:43 AM, Marco wrote: > > > On Mon, 12 Feb 2018 10:21:08 -0600 > > > Steven Spencer <steven.spen...@kdsi.com> wrote: > > > > > >> On 02/11/2018 03:29 PM, Marco wrote: > > >>> On Sun, 11 Feb 2018 20:46:41 +0000 > > >>> "Joseph L. Casale" <jcas...@activenetwerx.com> wrote: > > >>> > > >>>> -----Original Message----- > > >>>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of > > >>>> Chris L Sent: Sunday, February 11, 2018 1:43 PM > > >>>> To: pfSense Support and Discussion Mailing List > > >>>> <list@lists.pfsense.org> Subject: Re: [pfSense] Port forwards > > >>>> don't work on one machine > > >>>> > > >>>>> What interface is that taken on? Take one on the interface the > > >>>>> destination server is connected to (WLAN?) and test again. While > > >>>>> you’re capturing also do another Diagnostics > Test Port from > > >>>>> the local pfSense itself. Please include the capture of both > > >>>>> events (from outside and using test port.) > > >>>>> > > >>>>> It looks like the server is not responding. > > >>>> I'd also suggest running a capture on the destination, if it's > > >>>> actually receiving traffic and/or sending it elsewhere (routing > > >>>> rule) this will provide some insight. > > >>> I ran a wireshark on the destination and it received packets when > > >>> “port testing” from the pfSense, but not when using external > > >>> access (e.g. canyouseeme.org) > > >>> > > >>> Marco > > >>> _______________________________________________ > > >>> pfSense mailing list > > >>> https://lists.pfsense.org/mailman/listinfo/list > > >>> Support the project with Gold! https://pfsense.org/gold > > >> Marco, > > >> > > >> Just curious, but what is the target machine's OS? > > > The actual server is FreeBSD, but I run the tests with a Linux > > > laptop as the behaviour is the same. > > > > > > Marco > > > _______________________________________________ > > > pfSense mailing list > > > https://lists.pfsense.org/mailman/listinfo/list > > > Support the project with Gold! https://pfsense.org/gold > > > > I know you've stated that you have no firewall on these machines. So > > iptables -L shows empty on the Linux laptop > > Chain INPUT (policy ACCEPT) > target prot opt source destination > > Chain FORWARD (policy ACCEPT) > target prot opt source destination > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > > > No selinux in play on the Linux > > laptop > > No selinux in use. > > > I looked at your screen shots and I can't see anything that leaps > > out at me. We have a number of PfSense firewalls in use (15) > > within our organization and I've used port forwarding on every one > > of them and have never run into a problem-unless the receiving > > machine refuses the connection. > > Same here. Not that I'm a network expert, but I've set up five > pfSense installations and port forwarding has always been an easy > task which worked by just configuring the NAT rule. > > If the receiving machine refuses the connection, I would not be able > to successfully "port test" it from the pfSense box and I would see > incoming packets with wireshark (I believe). Therefore, I suspect an > issue with the port forwarding. > > > I've been bitten by selinux before and more recently, by firewalld. > > Not installed and (therefore I hope) not used. > > Thanks for the support and confirming that it's not something > obvious. Will investigate later. > > Marco > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold