pfSense 1.2.3, Port forwarding and firewall rules


A year ago I set up a Minecraft server on my private network. To open it for friends and family, I added a port forwarding rule through my pfSense 'appliance'. After a while we stopped using the server (frequent updates came out for the server software and I was busy with work).

Today I set up a new Minecraft server (hosted on my ESXi box) and edited the port forwarding rule in pfSense to point to its new IP address. Unfortunately it didn't work. Nmap, Symantec CRTTools and my TCP/IP Port Scanner app all showed the port as filtered/blocked/closed.

What was going on?

Notes:

  • pfSense (awesome distro of FreeBSD targeted for firewall/router purposes)

After banging my head on the problem for 90 minutes or so, I finally found the issue: I needed to edit the firewall exception that is paired to the forwarding rule.

For reference, adding a port forwarding rule in pfSense 1.2.3 does 2 things:

  • Creates the forwarding rule (as expected)
  • Automagically generates a firewall exception for the forwarded traffic


When you update the forwarding rule after the fact, the firewall exception does not get changed. Once I updated the firewall exception with the correct destination IP address, everything worked great.
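A check for the mismatch described above, as an added example that is not part of the original post or of pfSense: it compares each port forward's internal target with the pass rules in a configuration backup and reports forwards with no matching exception, plus pass rules still pointing at a host no forward uses. The XML element names and the sample backup are assumptions constructed for illustration; adjust them to the layout of your own exported config.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real backup. The element names are an assumption
# (a simplified pfSense-style config.xml layout) made for this example.
SAMPLE_CONFIG = """
<pfsense>
  <nat>
    <rule>
      <interface>wan</interface><protocol>tcp</protocol>
      <external-port>25565</external-port>
      <target>192.168.1.50</target><local-port>25565</local-port>
    </rule>
  </nat>
  <filter>
    <rule>
      <type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <source><any/></source>
      <destination><address>192.168.1.20</address><port>25565</port></destination>
    </rule>
  </filter>
</pfsense>
"""

def text(node, path):
    """Return the stripped text at path, or '' when the element is missing."""
    return (node.findtext(path) or "").strip()

def find_drift(config_xml):
    """List forwards lacking a pass rule and pass rules no forward targets."""
    root = ET.fromstring(config_xml)
    # (interface, protocol, internal host, internal port) each forward relies on
    forwards = {
        (text(r, "interface"), text(r, "protocol"), text(r, "target"), text(r, "local-port"))
        for r in root.findall("./nat/rule")
    }
    # The same tuple for every pass rule that names an explicit destination host
    passes = {
        (text(r, "interface"), text(r, "protocol"),
         text(r, "destination/address"), text(r, "destination/port"))
        for r in root.findall("./filter/rule")
        if text(r, "type") == "pass" and text(r, "destination/address")
    }
    findings = [("forward-without-pass",) + f for f in sorted(forwards - passes)]
    findings += [("pass-without-forward",) + p for p in sorted(passes - forwards)]
    return findings

if __name__ == "__main__":
    for finding in find_drift(SAMPLE_CONFIG):
        print(*finding)
```

A `pass-without-forward` finding is only a candidate for cleanup: a pass rule to a host that is reached without NAT is legitimate and will also show up here.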

As an aside, I can highly recommend pfSense. It has been rock solid running on an old server in my basement (460 days uptime). Significantly better (faster/more reliable) than a $350 Cisco wired router I had previously used.