NAT port forward rules being caught by default deny

Started by rwhitton, April 18, 2022, 02:19:45 PM

(Version 22.1.6)

Having spent several hours I'm unable to get a simple NAT port forward rule working. It's always caught by the default deny rule.

It's a really simple NAT rule from WAN:5051 -> MY_INTERNAL_IP:5051 TCP. See attached.

I have the associated rule created and if I look at the firewall rules then I can see that the rule is there.

When I attempt to connect and then look at the live view, I can see that it's being consistently caught by the default deny rule, as shown below:

__timestamp__   2022-04-18T12:59:52
ack   
action    [block]
anchorname   
datalen   0
dir    [in]
dst   x.x.x.x
dstport   5051
ecn   
id   30452
interface   pppoe1
interface_name   WAN
ipflags   DF
ipversion   4
label   Default deny / state violation rule
length   52
offset   0
protoname   tcp
protonum   6
reason   match
rid   02f4bab031b57d1e30553ce08e0ec131
rulenr   9
seq   2845703226
src   y.y.y.y
srcport   51702
subrulenr   
tcpflags   S
tcpopts   
tos   0x0
ttl   121
urp   64240

I've had port forwards working previously without any issues. I've tried all the usual things such as rebooting; deleting the NAT rule and recreating; using different ports; changing NAT reflection, but the problem persists. Does anybody have any idea what might be wrong and how to fix this?

Many thanks
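An added example (not part of the original post and not OPNsense code): the label on the record above covers both a missing pass rule and an out-of-state packet, and for TCP the flags tell the two apart. The function names are hypothetical and `SAMPLE` is a constructed subset of the pasted record.

```python
# Added example: triage one firewall live-view record pasted as "key   value" lines.
# SAMPLE is a constructed subset of the record in the post above.
SAMPLE = """\
ack
action    [block]
dir    [in]
dstport   5051
interface_name   WAN
label   Default deny / state violation rule
protoname   tcp
rulenr   9
tcpflags   S
"""


def parse_record(text):
    """Return {key: value}; keys with no value map to '' and [..] is unwrapped."""
    rec = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts:
            rec[parts[0]] = parts[1].strip().strip("[]") if len(parts) > 1 else ""
    return rec


def classify_block(rec):
    """Say which half of 'Default deny / state violation' a blocked packet hit."""
    if rec.get("action") != "block":
        return "not-blocked"
    if "Default deny" not in rec.get("label", ""):
        return "explicit-rule"
    if rec.get("protoname") != "tcp":
        return "undetermined"
    flags = rec.get("tcpflags", "")
    # A SYN without ACK opens a new connection, so no state exists to violate:
    # the packet simply reached the end of the ruleset without a pass match.
    if "S" in flags and "A" not in flags:
        return "no-pass-rule"
    # Any other flag combination arrived without a matching state entry.
    return "state-violation"


def is_forward_attempt(rec, iface, proto, port):
    """True if the record is inbound traffic for the forward under test."""
    return (rec.get("dir") == "in" and rec.get("interface_name") == iface
            and rec.get("protoname") == proto and rec.get("dstport") == str(port))


if __name__ == "__main__":
    rec = parse_record(SAMPLE)
    print(is_forward_attempt(rec, "WAN", "tcp", 5051), classify_block(rec))
```

For the record in the post this returns `no-pass-rule`: the blocked packet is the initial SYN, so the question is why no pass rule matched it, not whether state tracking dropped it.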



Have you tried as Destination 'This Firewall' or 'Any'?

I have a couple of PFs for my Tor Relay with Destination 'This Firewall' and they work.

I tried any previously. I just tried "this firewall" and unfortunately I get the same response.

I think this is some sort of recent regression or change in behaviour. Possibly with 22.1.6, which I only upgraded to the other day. I set up a port forward rule two weeks ago and it was fine.