I would think "exposed host" is what I am calling DMZ, from your description.
If you have a firewall rule you can set it to log traffic (pass or block I believe). Under status/system logs/settings there is a checkbox to log packets blocked by the default block rule. -- Steve Yates ITS, Inc. -----Original Message----- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Marco Sent: Monday, February 12, 2018 3:10 PM To: list@lists.pfsense.org Subject: Re: [pfSense] Port forwards don't work on one machine On Mon, 12 Feb 2018 20:45:55 +0000 Steve Yates <st...@teamits.com> wrote: > Just to double check the config, so the pfSense router is set as the > DMZ of the ISP router? No clue if the ISP device has a concept of DMZ. I configure it as “Exposed Host”, so all communication is actually forwarded to the pfSense box. I've set up numerous of those devices in different locations and that was always sufficient. > Have you tried deleting the rule and re-adding? On the ISP device? No, not yet. I guess tomorrow I'll clear the ISP devices' config and also start off with a vanilla pfSense config. I'm not really used to debugging with pfSense, especially the logging features. What's the best way to check if that packet is blocked by pfSense somehow? I tried Status → System Logs → Firewall → Normal View → Advanced Log Filter I checked “Block”, then entered Port: 8000 and “Apply Filter” and it shows “No logs to disply”. That means that the packet is not blocked by an implicit or explicit firewall rule, right? Marco _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold