Pfsense Portforwarding problem

Jeanjetec · January 13, 2020, 9:29pm

Hi,
I am an ex-pilot, retired in September 2019, and I am teaching myself IT.
Bought a netgate sg1100, and for some reasons, I cannot open any port for external access.
Followed Tom’s video on port forwarding, but did not work.
Can somebody tell me how to troubleshoot port forwarding issues please?

Nat is done, rules are done, no matter the order I choose, when I try to check the ports on ça you seems.org, I always get an error.

I am in France and my ISP, though I have a fixed IP does not allow bridge mode. So I redirected port 8096 to my netgate box, and forwarded the port to my computer at 192.168.3.15.

Thanks for your help.

LTS_Tom · January 13, 2020, 9:38pm

Does it work without the Netgate device? Just want to see of the problem is pfsense or the ISP provided equipment. Some ISP’s block ports.

Jeanjetec · January 14, 2020, 1:25am

Hi Tom,
Thanks for your question and interest.
Yes portforwarding is working on the ISP side. Gave them a call today, and they are blaming my equipment arguing everything is fine by their side.

jeff3820 · January 14, 2020, 4:51am

Does the ISP router allow you to setup a DMZ in the firewall settings? If so, setup a DMZ and use the IP address of the Netgate for the DMZ.

The DMZ will forward everything to the Netgate box allowing Pfsense to do all of the firewall settings. Much simpler

Jeanjetec · January 14, 2020, 5:59pm

Yes I saw a DMZ section, but I do not have knowledge about DMZ yet.
Will read and see how to setup what you are saying. If you have examples on how to do what you are saying please feel free to enlighten me. I am new to IT.

jeff3820 · January 14, 2020, 6:28pm

DMZ is very simple but must be used correctly. DMZ places one IP address outside of the firewall of the ISP router. In essence, that one IP address is fully exposed to the internet.

Let’s say your Netgate box has an IP address of 192.168.3.1. On your ISP router you assign the DMZ to 192.168.3.1 and now the Netgate box is exposed directly to the internet. You just have to make the port forwards in Pfsense to the computer at 192.168.3.15…simple.

FYI, I am configured the same. I have to use an ISP router to have internet and TV. I use the DMZ with the IP address of my Pfsense box and I have no issues with port forwarding at all. Its as if the ISP box is not present.

Jeanjetec · January 14, 2020, 9:23pm

Hey Jeff,
A big THANK YOU for your explanation. I love IT, you guys are so eager to share and help anyone.
Heading back home and will give it a try.
Will keep you posted.

Jeanjetec · January 15, 2020, 3:05am

Hi Jeff,
In terms of security. Is it safe to expose my sg1100 directly to the internet?

jeff3820 · January 15, 2020, 3:23am

Absolutely. That is its job. It is a firewall

Jeanjetec · January 15, 2020, 3:41am

Thank you. My Netgate was getting is IP from the ISP router, and I made it static. So I guess, I will change that right.
Sorry for all my questions, but I started learning in September last year.

Jeanjetec · January 17, 2020, 10:09pm

A big fat THANK YOU