pfsense is directly connected to the modem. I have tried to get to the promox gui from my phone ( i have done this before, it works with IPFire) via the cell connection several times, and now i see a bunch of log entries for the firewall hitting port 51413. I am specifying port 8006 on my phone. Either comcast is doing a bit of fuckery with redirecting my targeted port, or pfsense is going full retard and redirecting all incoming traffic to port 51413 or 443 and straight up denying it.
Logging is enabled for the proxmox rule but i am not seeing any entries for it in the firewall logs. Like nothing is hitting it.
pfsense isn't redirecting your traffic to random ports and if it was it would still show a log entry for the traffic when it hits the WAN firewall. If you're not seeing anything on those ports when you have logging enabled then the traffic isn't reaching pfsense, so something is wrong between your phone and your modem.
As a test you could just forward all ports to proxmox and see if that works, if it does then you need to figure out which ports it needs and if it doesn't then the traffic isn't reaching your router.
It has been more than a year for thisā¦ and not sure if a solution was foundā¦ I have similar scenario
pfSense installed on a Proxmox VM. basically interfaces vmbr0 and 1 one for external network another for internal network, they are behind another firewall doing 1:1 Nat ( I mean, my pfSense Wan ip Address is a private network ip address 172.X.Y.X) and is being routed on a 1:1 Nat from my provider.
I have not been able to use the Port forwarding neither on OpenVPN being able to see hosts on Lan network (only Lan gateway ip class A 10.0.0.1)
I though it might be something with the 1:1 Nat from my provider but I discarded that using netcat on the pfsense shell (yes I am able to connect to pfsense remotely through my 1:1 nat on web and ssh) and using netcat I was able to open all ports I wanted to add as port forwarding to ip addresses in the internal LAN, on different VMās in Proxmos, and when connecting from different servers I was able to do it. I did disabled hardware checksum offload and still nothing also enabled the reflection mode. and nothingā¦ I am running out of options.