Plex port forward only works with filter association set to pass

Started by mkono87, October 21, 2021, 01:29:48 AM

I just wanted to double check with the community here. When I moved recently I switched to OPNsense. I did my normal port forward but then was getting complaints from family about getting an indirect connection. I noticed the port was still closed. When I changed filter association to pass it opened the port. I had pfSense before and never did this, nor do my other current forwards have that; they are set to none. Is this normal? Here is my NAT forward.

My Plex port forward works fine with a filter rule association

I have NAT reflection specifically enabled on my rule too

Okay, I just didn't know if this was being done automatically in pfSense even though it's none. I even have an 80 and 443 port forward going to my reverse proxy and it's also set to none, so it just really threw me off when changing this Plex one to pass is what made it work.

Quote from: Greelan on October 21, 2021, 02:00:00 AM
My Plex port forward works fine with a filter rule association

I have NAT reflection specifically enabled on my rule too
Is there a way to set it to pass by default? It's creating a pass rule for the port forward, correct?

"Pass" doesn't create a rule but AFAIK sets a keyword on the port forward that means traffic is passed without a firewall rule

The default for a port forward (same for pfSense) is to create an associated filter (firewall) rule to specifically allow the traffic. In most cases this should work perfectly fine, as it does for me

Try deleting your current port forward and creating a new rule, this time not changing the filter rule association default

Thinking about this further, I feel it could be a NAT reflection issue. Make sure it is enabled on the port forward and in Firewall/Settings/Advanced (I also enable the automatic outbound NAT for reflection)

Quote from: Greelan on October 23, 2021, 12:40:17 AM
Thinking about this further, I feel it could be a NAT reflection issue. Make sure it is enabled on the port forward and in Firewall/Settings/Advanced (I also enable the automatic outbound NAT for reflection)
Out of the 3 options for reflection, just the 1:1 I do not have checked.

OK. Specifically enable it on the port forward too - I have a recollection that I needed to do that previously, and just setting it to use the system default was not enough for some reason

Quote from: Greelan on October 23, 2021, 12:47:02 AM
OK. Specifically enable it on the port forward too - I have a recollection that I needed to do that previously, and just setting it to use the system default was not enough for some reason
Everything is working fine with just the rule association set to pass. I ended up having to do it on my other forwards as well. I guess pfSense didn't this automatically.

Quote from: Greelan on October 23, 2021, 12:50:30 AM
As I said, the default behaviour on pfSense is the same as on OPNsense: https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html#port-forward-settings
Hmm, that's odd. I just checked the forwards on that pfSense box; they are all set to none and I never had that issue.

I guess I'll just have to make sure to set to pass for any new NAT forwards created.

You must have WAN allow rules on your pfSense. The port forward only redirects the traffic, you still need a firewall rule to allow the traffic in on WAN (if you don't use the pass option on pfSense)

Quote from: Greelan on October 23, 2021, 12:55:40 AM
You must have WAN allow rules on your pfSense. The port forward only redirects the traffic, you still need a firewall rule to allow the traffic in on WAN
Which it creates on its own, as I never had to create a rule after. I think that's what's been confusing me with all this, as it seems an extra step is needed is all.

Must be a GUI display issue then on pfSense - ie it has created the filter rule as per default behaviour, but is not listing it in the GUI and instead showing "None".  On OPNsense the GUI either shows the name of the rule as per the port forward description, or just says "Rule"

Quote from: Greelan on October 23, 2021, 12:59:22 AM
Must be a GUI display issue then on pfSense - ie it has created the filter rule as per default behaviour, but is not listing it in the GUI and instead showing "None".  On OPNsense the GUI either shows the name of the rule as per the port forward description, or just says "Rule"
Fair enough, it's possible. Well, at least now I know that needs to be done on OPNsense.

Now I just need to figure out what other things I can make use of on it for a home environment.
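
Added example, not part of the thread and not the ruleset either firewall generates: the three filter rule association choices discussed above, sketched in FreeBSD pf syntax (the packet filter both OPNsense and pfSense are built on). The interface name and host address are constructed placeholders, and 32400 is Plex's default port, which the thread never states.

```pf
# Constructed values: interface and Plex host are placeholders.
wan_if    = "igb0"
plex_host = "192.168.1.50"
plex_port = "32400"   # Plex default port (assumption, not from the thread)

# ---- Translation rules (applied before the filter rules) ----

# Association "None": redirect only. The packet is rewritten to
# $plex_host, then still has to match a pass rule in the filter section.
# With only the default block below, it is dropped and the port looks closed.
rdr on $wan_if inet proto tcp from any to ($wan_if) port $plex_port \
    -> $plex_host port $plex_port

# Association "Pass": same redirect with the "pass" keyword. Matching
# packets skip the filter rules entirely, so no WAN rule is needed.
# (Alternative to the rdr rule above; load one or the other.)
# rdr pass on $wan_if inet proto tcp from any to ($wan_if) port $plex_port \
#     -> $plex_host port $plex_port

# ---- Filter rules ----

# Default-deny on WAN.
block in log on $wan_if all

# Associated filter rule (the default choice): an explicit WAN pass rule
# tied to the forward. Because translation happens first, the rule
# matches the translated (internal) destination address.
# pass in quick on $wan_if inet proto tcp from any to $plex_host \
#     port $plex_port flags S/SA keep state
```

With the `pass` keyword the filter ruleset is never consulted for that traffic, so any source restriction has to be set on the port forward itself.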