pfSense refuses to properly port forward to my home server [solved]

Hi, first of all my setup was working properly before I replaced my OpenWRT router with my pfsense machine. I use my server (Ubuntu server running in my closet) to run Plex+Transmission and my PC to Host Warcraft 3 matches remotely. And all of this worked just fine with OpenWRT with some simple port forward. But now after a week of tinkering with PFsense and setting everything up, I cannot get this part done. My network is laid out as follows:


When I go to canyouseeme.org, if the service is running on my server I get the "Port is open" sign, and on my local network I can access Plex and Transmission just fine. But when I try accessing them over my external IP it fails. Funny thing though, Plex works on the mobile app while not connected to my home network (accessing from the internet), and in its settings it says it is available remotely.
Also, to try to rule out my server, I tried the same with a Warcraft 3 match on my desktop and no luck.
So port forwarding sort of works, but not fully. This is really bugging me, I never thought it would be this difficult to set up with such an advanced router OS.
Any help will be much appreciated, thanks in advance!

I'm pretty sure that when plex says it's connected remotely that means that it's going via their server rather than a direct connection, so I don't think the port forwarding is working for that either. It will say in plex if it is working or not.

Your NAT and WAN rules look okay, what do your LAN rules look like?

Presumably nothing is connected to the WAN port on the OpenWRT router? As in you're just using it as a switch/AP?

2 Likes

Actually, those top two allow any rules on your WAN page, delete those.

I'd just move them to the bottom of the list. Removing them will nuke internet access for the rest of the subnet. (errr, or were you talking about the NAT rules?)

@agusexander can you ping the pfSense router from your Warcraft server? I guess you'd have the routing already set up for traffic moving to/from that server? Since you have a router behind your router you'll need that table.

Those are the WAN rules, you don't want allow any to any rules on the WAN. Plus it's probably interfering with the port forwards as they're above them.

Those are the default stealth rules though eh? I've never looked into the rules to actually see what they do.

Here are my LAN rules, it's the default stuff:


Yes, that is true, the WAN port on OpenWRT is left unplugged. Could it be the second router that is messing things up? How come, then, if it has DHCP disabled?
Yes, I can ping 192.168.1.1 from my PC. Fun fact: if I browse to my public IP it lands me on my pfSense login screen, but only if I do it from my network. Could that say something about this whole issue?
I think those WAN rules are default, if I'm not mistaken. But I can try moving them down.

You definitely need a rule that denies any WAN source traffic to your firewall. That'll keep you from being able to see your router from the internet.

I'm going to say that yes the second firewall is screwing up your access. What I would do in your situation is put the Warcraft server between the two firewalls making a DMZ area. That should resolve your issue here.

Edit: To clarify it's not that you have two firewalls, I'm just thinking that you need a route configured to get out through the second firewall.

I factory reset pfSense and you were right, those were not the default rules. However, even on factory defaults, when I access my router through my DDNS (the only setting I tweaked) I get the router login screen.
To test if my second router was screwing up pfSense, I connected my desktop directly to the pfSense router (forwarded the WC3 port) and tried to fire up a WC3 match, and it didn't work. I'm using a program called WC3 Proxy to test it (connecting directly through my DDNS domain). So it seems the issue is more pfSense related.


Same thing happens with Transmission. The port shows up as open when the server's running and shows up as closed when the server is off. But I cannot access the web interface at http://example.ddns.net:9091/transmission/web/
Do I need to forward HTTP? Could that be the issue? But what about WC3?

So your port is opened... do you have anything blocking the connection on the actual warcraft machine? Software firewall?

Nope, and that worked before with OpenWRT, plus the same happens with my Ubuntu server (which previously worked) when I connect it directly to the pfSense router. So the issue is not on one machine either.

Oh boy, it was working the whole time... The problem is I cannot see it on my own network. I tried using my phone's cellular data and it just plain worked. The issue seems to be that loopback is not enabled by default on pfSense.

It should be? Are you using manual or hybrid NAT?

Edit: Glad it's working though.

Hehe, thanks! Not sure what that means, but somebody on the pfSense forums told me to follow this tutorial. I'll report back if it fixes the issue.
https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

I'd imagine number 1 is going to fix that issue for you. In your NAT section if you have it on hybrid or manual under outbound you'll see that 127.0.0.1 is addressed there.

1 Like

The default rule is to deny everything, and by default there should be no rules for WAN because you want to block all inbound traffic. So the only rules you should have there are for port forwards.

There are two ways to access stuff on your local network via your public IP from within your network. The best way is to configure your DNS server to send you to those local IPs when you try to use your DDNS domain. The second is to enable NAT reflection. You can do that for each NAT rule or you can set it as the default action in the advanced system settings.

1 Like
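Added example, not part of any post in this thread: a simplified Python model of why the forward worked from cellular data but not from the LAN, and how NAT reflection or a split-DNS host override changes the outcome. The WAN address, server address and override table are constructed sample values, and the model ignores the same-subnet return path that reflection also has to handle.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not taken from the thread).
WAN_IP = ip_address("203.0.113.10")
LAN_NET = ip_network("192.168.1.0/24")
SERVER = ip_address("192.168.1.50")
FORWARDS = {9091: SERVER}                      # WAN port -> internal host
PUBLIC_DNS = {"example.ddns.net": WAN_IP}      # what the internet resolves
HOST_OVERRIDES = {"example.ddns.net": SERVER}  # split-DNS answer for LAN clients

def resolve(name, on_lan, split_dns=False):
    """Name lookup as seen by a client; LAN clients may get the override."""
    if on_lan and split_dns and name in HOST_OVERRIDES:
        return HOST_OVERRIDES[name]
    return PUBLIC_DNS[name]

def deliver(dst, port, in_iface, reflection=False):
    """Return which machine ends up receiving the connection (simplified)."""
    dst = ip_address(dst)
    # Same-subnet traffic is switched directly and never crosses the firewall.
    if in_iface == "lan" and dst in LAN_NET:
        return "server" if dst == SERVER else "other LAN host"
    if dst != WAN_IP:
        return "routed to internet"
    # The port forward is a redirect bound to the WAN interface; NAT
    # reflection also applies it to connections arriving from the LAN.
    if port in FORWARDS and (in_iface == "wan" or reflection):
        return "server"
    # No redirect matched, so the packet is addressed to the firewall itself.
    return "dropped by WAN default deny" if in_iface == "wan" else "firewall itself"

def connect(name, port, on_lan, split_dns=False, reflection=False):
    """Resolve the name the way the client would, then follow the packet."""
    iface = "lan" if on_lan else "wan"
    return deliver(resolve(name, on_lan, split_dns), port, iface, reflection)

if __name__ == "__main__":
    cases = [("from internet", dict(on_lan=False)),
             ("from LAN, defaults", dict(on_lan=True)),
             ("from LAN, NAT reflection", dict(on_lan=True, reflection=True)),
             ("from LAN, split DNS", dict(on_lan=True, split_dns=True))]
    for label, kw in cases:
        print(f"{label:26} -> {connect('example.ddns.net', 9091, **kw)}")
```

The "firewall itself" result for the default LAN case matches the symptom reported earlier in the thread, where browsing the public IP from inside the network landed on the pfSense login screen.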

That solved the issue, thanks everyone!