PfSense portforwarding issues (DMZ-host, multiple routers)

[Tigo]

Hey all,

 

Looked around on this forum a bit and didn't really find anything that could help me with my problem. If this is in the wrong thread/forum/something, sorry in advance, I'm new here.

 

This is a rough sketch of how my network looks like now: http://imgur.com/n65UTxj
(Note: the first router is not in bridge-mode)

 

I would like to forward a port on my router so that I can play games online/host a server. (The Crew, Minecraft, etc)
I am trying to forward port 25565, on 192.168.1.106.

Router 1 DMZ-Host config: http://imgur.com/OJEpUbz  (PfSense's WAN IP-address is 192.168.178.40)
Router 1 Forwarding config: http://imgur.com/x43Hsgs
PfSense config: http://imgur.com/yL53h5M

Second router is in AP-mode, so I don't have to port forward anything there. (I think)

 

I also made some rules in the firewall on my computer, and I don't have any interfering programs running, like virus-scanners and/or VPN apps.
These are the two rules I made in the firewall: 
https://imgur.com/a/Plyfo (2 images)

 

Canyouseeme.org returns this message: http://imgur.com/a/FI9uL

 

I hope someone here can help me. If you need any other pictures/configuration settings, please ask.

 

Thanks.

[brwainer]

6 hours ago, Tigo said:

Router 1 Forwarding config: http://imgur.com/x43Hsgs

Remove this. A) you already have PFSense set your as the DMZ host, so this is redundant, and B) Router 1 has absolutely no knowledge at all about 192.168.1.106. It's like asking the postal service to mail a letter to God. Just get rid of all forwarding rules on Router 1, except the DMZ Host.

[Eniqmatic]

Indeed, you are asking it to forward to an address that won't be in its routing table. They are on separate networks.

 

A better way to do it if possible is to set router 1 in bridge mode if it supports it, then you can setup the WAN connection from the pfSense rather than it being the middle man so to speak. Your public IP will then be visible on the pfSense machine and makes it easier to set your rules.

[Tigo]

11 hours ago, brwainer said:

Remove this. A) you already have PFSense set your as the DMZ host, so this is redundant, and B) Router 1 has absolutely no knowledge at all about 192.168.1.106. It's like asking the postal service to mail a letter to God. Just get rid of all forwarding rules on Router 1, except the DMZ Host.

 

I removed all forwarding rules in router 1, except for the DMZ host, like you said.

 

Canyouseeme.org now returns http://imgur.com/I64mcJE

(Also added an UDP inbound/outbound rule in the firewall, only a TCP didn't seem to work at first.)

 

Thanks for your help. Appreciate it.

 

 

3 hours ago, Eniqmatic said:

Indeed, you are asking it to forward to an address that won't be in its routing table. They are on separate networks.

 

A better way to do it if possible is to set router 1 in bridge mode if it supports it, then you can setup the WAN connection from the pfSense rather than it being the middle man so to speak. Your public IP will then be visible on the pfSense machine and makes it easier to set your rules.

 

 

That would be a better way indeed, I'll look into this. Thanks for your suggestion.