(Version 22.1.6)
Having spent several hours, I'm unable to get a simple NAT port forward rule working. It's always caught by the default deny rule.
It's a really simple NAT rule from WAN:5051 -> MY_INTERNAL_IP:5051 TCP. See attached.
I have the associated rule created and if I look at the firewall rules then I can see that the rule is there.
When I attempt to connect and look at the live view, I can see that it's being consistently caught by the default deny rule, as shown below:
__timestamp__ 2022-04-18T12:59:52
ack
action [block]
anchorname
datalen 0
dir [in]
dst x.x.x.x
dstport 5051
ecn
id 30452
interface pppoe1
interface_name WAN
ipflags DF
ipversion 4
label Default deny / state violation rule
length 52
offset 0
protoname tcp
protonum 6
reason match
rid 02f4bab031b57d1e30553ce08e0ec131
rulenr 9
seq 2845703226
src y.y.y.y
srcport 51702
subrulenr
tcpflags S
tcpopts
tos 0x0
ttl 121
urp 64240
I've had port forwards working previously without any issues. I've tried all the usual things such as rebooting; deleting the NAT rule and recreating; using different ports; changing NAT reflection, but the problem persists. Does anybody have any idea what might be wrong and how to fix this?
Many thanks
Have you tried 'This Firewall' or 'Any' as Destination?
I have a couple of PFs for my Tor Relay with Destination 'This Firewall' and they work.
I tried any previously. I just tried "this firewall" and unfortunately I get the same response.
I think this is some sort of recent regression or change in behaviour. Possibly with 22.1.6, which I only upgraded to the other day. I set up a port forward rule two weeks ago and it was fine.