Port Fowarding Issues W/ pfSense 2.5.1 Update

I have spent two solid days trying to figure out my port forwarding issues to no avail. Everything was working until I updated my pfSense to 2.5.1. I revisited pfSense troubleshooting guidance and Lawrence’s guidance videos on port forwarding but still having issues.

Regarding my home network setup. I have a pfSense router at I have the following interfaces:

(1) WAN
(2) LAN (vpntraffic only and used for all personal computers) 192.168.0.X
(3) PIA OpenVPN client
(4) NONVPNLAN (on a VLAN through a ubiquiti managed switch - used for my business computers) 192.168.1.X

For VPN traffic computers on (2) LAN interface, I used Lawrence’s guidance (pfsense OpenVPN Policy Routing With Kill Switch Using PIA / Private Internet Access - YouTube) and it works perfect. For non VPN traffic computers on (4) NONVPNLAN interface, I have a separate VLAN network and it works perfect.

I followed this video for Lawerence (How To Setup Port Forwarding on pfsense 2.4 - YouTube) to set up a port forwarding rule to send all external TCP internet traffic packets on port 6000 on WAN to single computer on the (4) NONVPNLAN (VLAN) with an internal address on port 6000. However, when I check on (yougetsignal port forwarding testing tool website) to see if the port forwarding is working, the results show my external IP address on 6000 is CLOSED.

To troubleshoot, I first wanted to make sure the port forwarding rule on the WAN was working. So I monitored Status>System Logs>Firewall>Dynamic View and filtered all requests to my computer destination and then did a test again on (yougetsignal port forwarding testing tool website) to my external address on port 6000. I was able to see that the port forwarding rule passed the TCP packet to my computer without blocking it. So it looks like the port forwarding is working on pfSense.

I then took Lawrence’s recommendation for test the port in Diagonstics > Test Port to ensure I can send a TCP packet on port 6000 between the pfSense router ( and the computer on that is listening on 6000. The results show successful, so I that means I have clear communication between pfSense and the computer on on port 6000.

The last thing to check was to check directly on my computer that it was actually receiving the TCP packet when I sent a TCP packet from (yougetsignal port forwarding testing tool website). I ran a tcptrack command on my computer to monitor port 6000 and can see that computer is receiving the packet…

So in summary I am very confused why on (yougetsignal port forwarding testing tool website) I see that my my external IP on port 6000 is showing CLOSED when I can see the TCP packet being received on my computer. At this point I am at a dead end in trying to solve this after two solid days…

Is there any other methods to further troubleshoot to see where the issue could be or does anyone know what could be the issue? Any assistance would be greatly appreciated!!! :slight_smile:

Can you post your Port Forward rule and Firewall rule to look over?

After more troubleshooting, I am pretty sure I have isolated the issue. Once I disable my PIA OpenVPN Client profile in VPN>OpenVPN>Clients, the port forwarding tester tool (Open Port Check Tool - Test Port Forwarding on Your Router) when I send a TCP packet to my external IP address on port 6000 shows Open. So as long as I have the OpenVPN Client profile disabled it works perfect. I am wow not sure if it is an issue with the WAN interface that I have defined in the OpenVPN profile, or the NAT Outbound settings, or the firewall rules. Do you have any recommendations? Thanks again for your assistance.

I upgraded from 2.4.5_1 to 2.5.1 every thing appeared to be fine but my port forwarding NAT stopped working. I disabled PIA and NAT worked again. I assume it’s something with the manual out bound NAT set up that Tom described in his video. It had worked almost perfect but having multiple VPN networks PIA tries to be the default network route. I was able to over came this issue by setting policy routing within each rule.

Here’s my thread and solution.