pfsense port forward

Ok, just built my first pfSense box. It is up and running just fine and I go to port forward uTorrent, I make an alias, then set up a new rule. I use the BitTorrent WebUI addon for FF to add torrents from anything, my phone, work, lying in bed etc. I try adding something from my laptop, and I get a "server didn't respond", so I remote into my server to make sure it's up and running etc etc, everything seems fine, I run uTorrent's port forward check and it says everything is fine... Odd. It's late so I give up and go to bed. Go to work in the morning and figure I will remote in and make sure I didn't fat finger a setting somewhere. So I remake the alias and rule etc, then go to add a torrent through the addon on my work computer and poof "torrent added successfully".

Then I get home, go to add something else and "server didn't respond". It seems that when I am connected to the internet on my home network, the one the server is on, it will not work, but if I am on another network it will add torrents just fine... What am I missing here?
 
Your "port forward" rules are created for incoming traffic from an untrusted (WAN) zone, typically. Creating a port forward doesn't do what you are looking to do for internal traffic, or on the same zone. Have you verified that your server is not blocking the incoming traffic from within your network through the Windows firewall?
 
Which is why I don't understand why it is not working, as it was before, the only change has been adding the pfsense box, everything else goes through a switch. And no, it is not being blocked, I checked logs and then disabled it altogether, no change. Technically, pfsense box or not, it should STILL work, as the local computers are pointed to the local address, and should only be passing through the switch.
 
Seems I was an idiot. When I moved around the whole room to add in the switch/rack/cat6 for everything, I ended up leaving the server plugged back into pfsense and not the switch, I went and ran everything down and was looking at all the wires going "wtf was I doing?", moved a few things around and ran the cable to the switch with everything else and all is working fine. Still not really sure why it was not working, as technically it should have still worked like that.
 
It would be worth looking into, but I believe that would be due to the fact that most firewalls like this treat each interface like another zone. They are firewalled between zones implicitly, and no traffic is allowed between them unless the access (firewall) rule is created.

Regardless, thanks for the update, and glad it is working for you.
 
I will probably do some more research, was the whole point of building this box, learn more about them. Always had off the shelf routers before and figured it was time I learned. Thanks for the help.
 
You are welcome, and good luck with your studies.

The big difference is that off the shelf routers have 1 physical Layer 3 interface (the WAN/Internet), and the other 4 ports that you connect for the LAN are Layer 2 switch ports, and with that is something called a Switched Virtual Interface (SVI) for the default VLAN (1). The SVI has an assigned IP that your computers use as the default gateway, or for management over HTTP/S (e.g. 192.168.1.1). Each device connected to one of the 4 interfaces belongs to the same VLAN (broadcast domain) and can generally "communicate" implicitly with the others because the traffic does not have to be routed, and is not firewalled.

Logically, it kind of looks like this:

[diagram image not included]

I'm not a pfSense expert at all, but generally with zone based firewalls, each interface is treated as its own security zone, and traffic generally is not allowed to pass between zones unless you configure it as such. This may not be the case with pfSense, but I am applying logic from my experience with other firewalls. This is why switches are connected downstream in larger setups. You have a layer 2 switch to connect all of your devices so they can all "communicate" with each other, then if they need to reach another network, they go to their default gateway (the firewall interface the switch is connected to) to be routed based on its routing table.

I hope that makes sense.

https://en.wikipedia.org/wiki/Switch_virtual_interface
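To make the zone model in this reply concrete, here is a small Python model added for this page (not code from pfSense or from the poster). The interface names LAN/OPT1, the subnets, the server port 8080 and all addresses are constructed assumptions; it shows why a client on the switch reaches a server on the same switch, why the same client is blocked when the server sits on a separate firewall interface with no pass rule, and why a WAN port forward does nothing for that internal client.

```python
import ipaddress

# Constructed topology modelled on the thread. Interface names and subnets
# are assumptions: LAN feeds the switch, OPT1 is the spare pfSense port the
# server was accidentally left plugged into. Anything outside these subnets
# is treated as arriving from WAN.
LOCAL_INTERFACES = {
    "LAN":  ipaddress.ip_network("192.168.1.0/24"),
    "OPT1": ipaddress.ip_network("192.168.2.0/24"),
}

def zone_of(ip):
    """Return the interface (security zone) whose subnet contains ip."""
    addr = ipaddress.ip_address(ip)
    for name, net in LOCAL_INTERFACES.items():
        if addr in net:
            return name
    return "WAN"

def decide(src, dst, port, rules, port_forward=None):
    """Decide whether a TCP flow from src to dst:port is delivered.

    rules: pass rules as (ingress_zone, dst_ip or "any", port).
    port_forward: (wan_ip, wan_port, internal_ip, internal_port) or None.
    """
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    # A WAN port forward only rewrites traffic that enters on WAN, so it
    # does nothing for a LAN client that dials the public address.
    if port_forward and src_zone == "WAN":
        wan_ip, wan_port, int_ip, int_port = port_forward
        if dst == wan_ip and port == wan_port:
            dst, port, dst_zone = int_ip, int_port, zone_of(int_ip)
    # Same interface: the switch forwards at layer 2; the firewall never sees it.
    if src_zone == dst_zone:
        return "delivered (same zone, switched)"
    # Crossing interfaces: routed, and needs a pass rule on the ingress zone.
    for zone, rule_dst, rule_port in rules:
        if zone == src_zone and rule_dst in ("any", dst) and rule_port == port:
            return "delivered (routed, rule matched)"
    return "blocked (no rule between zones)"

if __name__ == "__main__":
    fwd = ("203.0.113.5", 8080, "192.168.2.50", 8080)   # constructed values
    wan_rule = [("WAN", "192.168.2.50", 8080)]
    print("LAN client -> server on switch:", decide("192.168.1.20", "192.168.1.50", 8080, []))
    print("LAN client -> server on OPT1  :", decide("192.168.1.20", "192.168.2.50", 8080, wan_rule))
    print("Internet   -> public IP (fwd) :", decide("198.51.100.7", "203.0.113.5", 8080, wan_rule, fwd))
    print("LAN client -> public IP (fwd) :", decide("192.168.1.20", "203.0.113.5", 8080, wan_rule, fwd))
```

A stock pfSense install ships an allow-all rule on LAN and no rules on extra OPT interfaces, which is the pfSense-specific form of the per-interface zone behaviour described above.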
 
Does pfSense automatically create NAT rules? You might need a NAT rule in order to have traffic hit the box running the uTorrent client.
 
Oh, this I know. The main problem came from trying to connect to something I THOUGHT was on the switch, but was actually connected to the pfsense box. I was able to connect to the server with the outside connection just fine, but the "simple" connection, that being on the same switched network, was not working and is what was confusing me, as I knew it was up and running and accepting connections etc etc, but the local connection was not working. Once I moved the connection over, everything was fine.

Those rules are done with aliases in pfSense; you can add things one by one, but I find it easier to manage with aliases set for devices/services. On such a small network it is really not that big of a deal, but as things grow it can come in very handy to have everything set like this, and the time required is pretty small once you get used to it. Which is what I meant by saying I had set up a new alias and rule. Everything was set up and running correctly, I just didn't realize I had not moved the server to the switch with everything else in the local network.
 