Port forwarding, cannot hit LAN computer from the web (wrong, I could from the web but not from LAN)

Greetings Lawrence Systems group. Long time enjoyer of the YouTube content. Brief introduction, then I’ll explain my situation. Long time computer software/hardware hobbyist. My dad got into ‘homelabbing’ some years ago, and has intrigued me into following. I host a Proxmox server & TrueNAS at the house to run several VMs and photo/OTA TV DVR storage. I host a Proxmox server at my business, an auto repair garage, on which I run a FreePBX server which handles my VoIP phones at the garage. Lately, I have acquired a 2nd garage, and used Tom’s WireGuard video to set up a VPN between my house and the shop with the PBX. I’m working on setting up a 3rd pfSense router at the newer garage today with the goal being to operate all the VoIP phones from the single PBX server. (I have redundancy with the server, but figured managing one PBX rather than multiple would be simpler.) My home network was the sandbox to try VoIP phones across the VPN and so far that’s working very well.

I’d consider myself at least ‘competent’ in the PC world.

However, since converting the DHCP/firewall duties from my wireless Linksys router over to pfSense, I have broken my HomeAssistant access outside the house. I’ve reviewed Lawrence Systems’ videos on port forwarding and troubleshooting pfSense and simply have no clue how to find out where the problem lies.

canyouseeme.org at least shows that my port forwarding attempt did something, as port 8123 is open and port 8124, for example, is not. However, neither navigating to my duckdns.org:8123 page nor simply trying my WAN:8123 works; both time out. I don’t see any action in the system logs under the firewall tab for that port. I really don’t know how to figure out where the issue lies. The duckdns route worked fine with the Linksys router handling the port forwarding, but as I need the WireGuard VPN at the house, I’d like to stick with pfSense. Just struggling to figure out how to sort out this port issue.

Sidenote, it doesn’t appear that the WG rule I added per the tutorial video is doing anything, but the VPN is functioning normally. (I added a pic of the rules, but had to remove due to new user limits)

Firewalls are the next frontier for me. I enjoy learning, my struggle is understanding WHAT I need to learn about next to further my abilities. Thanks for churning through this rant. And I appreciate in advance any help/tips toward figuring this out.

If it were me I would run a tcpdump on your cloud instance and see if traffic is being forwarded to your pfSense box. Something like this.

tcpdump -i wg0 -n port 8123

This will at least get you started in troubleshooting. You’ll be able to see if your DNS is working properly too.

I’m not sure we understand one another. I have nothing running on the cloud. I wasn’t clear in my setup description.

HomeAssistant is running as a VM on Proxmox on my LAN. I’ve attempted to port forward 8123 through the WAN so I can use my HomeAssistant dashboard when I’m away from the house. But since moving from my Linksys router to pfSense as my LAN firewall, I’ve been unable to get the access-from-away functionality back. Clearly I haven’t gotten the port forwarding to work right, but I don’t know what I’m missing.

Yeah, I got confused when you brought up WireGuard.

What do your WAN rules look like?

If you have set up a VPN connection correctly you don’t need to forward any ports.

Presumably you sussed out life will be easier if you use different IP ranges.

Sorry for the confusion. I only mentioned WireGuard as an attempt to suggest I’m semi-competent. It seems backwards that I was able to set up a VPN but I’m struggling with port forwarding. I thought it would be the other way around.

I don’t intend to use my VPN for anything other than business to business PBX server sharing. I’d like to forward port 8123 to my HA server at 192.168.1.117 so I can access it from my phone when I’m out of the house.

Yeah, that is interesting. I would use pftop to check if there are any states when you try to connect from the internet to your WAN. That will tell you if traffic is making it or not.

:man_facepalming:

Thank you MAXIMUS. I’ve been going about this all wrong. The port forwarding IS working. I finally turned the WiFi off on my phone to test, and it hits the HA server just fine. It is when I’m on the network that the duckdns.org site won’t resolve. That’s a ‘loopback’ issue or something like that. I’ve been barking up the wrong tree.

Conclusion is MAXIMUS redirected my focus from the port forwarding issue to a loopback issue. Basically I couldn’t hit my server from within the network, but I could from externally.

I then found:

Which made me adjust to Pure NAT in the System->Advanced->Firewall & NAT tab. Also had to tick the checkbox for “Enable automatic outbound NAT for Reflection”. Now my DuckDNS HA link works again. Thanks very much.
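The thread’s lesson is that a forward which fails only from inside the LAN is a NAT reflection (hairpin) problem, not a broken NAT rule. The following added example (mine, not from anyone in the thread) encodes that reasoning as a small checker: it resolves the DuckDNS name, tries TCP connects to the WAN address and to the HA VM at 192.168.1.117:8123, and reports which layer to look at. The WAN address 203.0.113.5 and the hostname are placeholders you must replace with your own.

```python
import ipaddress
import socket
from typing import Optional

# Values from the thread; the public IP and hostname below are placeholders.
HA_LAN_IP = "192.168.1.117"
HA_PORT = 8123
LAN_NET = ipaddress.ip_network("192.168.1.0/24")


def tcp_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """True when a full TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(dns_ip: Optional[str], wan_ip: str, wan_ok: bool,
             lan_ok: bool, tested_from_lan: bool) -> str:
    """Classify one test run from its individual observations.

    dns_ip: what the DuckDNS name resolved to (None if lookup failed)
    wan_ip: the firewall's current public address (pfSense dashboard)
    wan_ok: TCP connect to wan_ip:8123 succeeded
    lan_ok: TCP connect to 192.168.1.117:8123 succeeded
    tested_from_lan: the test client sits behind the same pfSense box
    """
    if dns_ip is None:
        return "dns: name does not resolve; check the DuckDNS updater"
    if dns_ip != wan_ip:
        return "dns: stale record, points at %s not %s" % (dns_ip, wan_ip)
    if not lan_ok:
        return "service: HA not listening on the LAN address; fix the VM first"
    if wan_ok:
        return "ok: forward works from this vantage point"
    if tested_from_lan:
        # The NAT rule may be fine; hairpinning is what fails from inside.
        return "reflection: retest from outside; if that works, enable NAT reflection (Pure NAT)"
    return "forward: unreachable from the internet; check the NAT rule and WAN firewall rule"


def run_live(hostname: str, wan_ip: str) -> str:
    """Gather the observations on this machine and hand them to diagnose()."""
    try:
        dns_ip: Optional[str] = socket.gethostbyname(hostname)
    except OSError:
        dns_ip = None
    local_ip = socket.gethostbyname(socket.gethostname())
    on_lan = ipaddress.ip_address(local_ip) in LAN_NET
    return diagnose(dns_ip, wan_ip, tcp_open(wan_ip, HA_PORT),
                    tcp_open(HA_LAN_IP, HA_PORT), on_lan)


if __name__ == "__main__":
    print(run_live("example.duckdns.org", "203.0.113.5"))  # placeholders
```

Run it once from the LAN and once from a phone with WiFi off; the two verdicts together tell you whether to look at the NAT rule or at NAT reflection.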