PFSense refuses to port forward

More trouble with PFSense, what a surprise. I have moved my box over to PFSense and have been banging my head against this wall for 3 hours now.

I have followed the port forwarding guide exactly. I have setup the NAT rule with NAT reflection on to forward all traffic incoming on port 8006 to forward to an internal LAN address on the same port. The associated firewall rule is created too. Still when testing i get ERR_EMPTY_RESPONSE every time. I have tweaked, destroyed, recreated, and tweaked some more, still nothing. I even did a packet capture for thirty seconds capturing all packets destined for port 8006 on the WAN interface, and when i view the capture log: NOTHING. I can type in the same address and port number for external test using IPFire with the same port forward and it works flawlessly.

None of the troubleshooting guides help, the setup documentation is a joke. I would like to set up a whole network VPN as outlined in the great videos produced by Wendell and Friends but i'm not sticking with this POS if i can't even sort out a simple port forward.

Are you trying to setup a vpn that you van access your home network or trying to connect to a another vpn service?

Can you paste the NAT and WAN rules?

Also make sure you're testing it from an external connection, ie, not on your own LAN.

I'm not even bothering with the VPN stuff until i can get a simple port forward setup, which this firewall absolutely refuses to do.

Screenshot from 2017-04-29 13-56-29.png894x281 17.8 KB

Set up exactly how it is laid out in the pfsense "documentation".

And yes i have tested both from my phone through cell connection and by a friend.

Only rules present are the NAT reflection rules automatically created with these port forwards, so it should not be a rule conflict.

Ok copy just saw at the end where you wanted to setup a whole network vpn so was trying to help.

Are we trying to get to your proxmox web dashboard? If so is the firewall off on Proxmox. They say it not activated by default but double check that possibly.

i was able to get to the proxmox gui from the outside for more than 6 months using the same port forward on IPFire. i have made no changes to the proxmox firewall configuration.

Have you checked firewall logs and see if it shows anything being blocked when trying to access proxmox from outside?

Is NAT reflection set to use the system default?

I have tried both the system default and Pure NAT. Neither work.

firewall logs don't show anything being blocked on port 8006.

Can I see the wan and LAN rules too?

And here is a detailed view of the port forward. The other is identical except for the port range and destination IP.

Forward detail.png1151x969 58.5 KB

Is it just the proxmox one that isn't working or is it both?

Those rules look fine. You're certain that nothing has changed on proxmox that would prevent it from working? Have you reset pfsense since making these rules? Sometimes old rules can hang around in the state table until you either reset the state table or the whole machine if you want to be sure.

Is pfsense basically default or have you made other configuration changes?

Both are not working. I have not made any configuration changes to the proxmox server since the firewall switch. I have not rebooted the firewall since installing it but these are the only two rules i have attempted to create. It is basically default besides these two rules and DHCP enabled.

Okay, try restarting it

Rebooted. Still not working.

And you're not seeing anything in the firewall log? Try enabling logging for the two WAN rules and see if you see any allowed traffic on those ports.

Do you have another router between pfsense and the modem or id the modem connected directly to pfsense (in bridge mode or the equivalent). ie. is this a double NAT problem?