Netgate m1n1wall

Author Topic: Beta5 Port Forwarding Problem  (Read 1838 times)

mircsicz
Beta5 Port Forwarding Problem
« on: February 16, 2011, 12:01:40 pm »
Hi all,

I've set up an ALIX 6E2 with the pfSense-2.0-BETA5-4g-i386-20110203-0154-nanobsd.img. See the attached PNG to understand my topology.

I've set up several port forwardings on the WRAP and on the ALIX, but can't reach any of the machines behind that dual port forward.

Forward on the WRAP:


and on the ALIX:



I hope it's a simple prob and you can help...
« Last Edit: February 16, 2011, 06:11:31 pm by mircsicz »

_igor_
Re: Beta5 Port Forwarding Problem
« Reply #1 on: February 16, 2011, 12:29:05 pm »
What is the "DSL address" at your second router? There should be the address from the corresponding WAN-interface, say the WAN from the alix.

heavy1metal
Re: Beta5 Port Forwarding Problem
« Reply #2 on: February 16, 2011, 02:16:11 pm »
I think I've misread something, your diagrams say the WRAP board is connected to the DSL line, and the alix board is connected to the cell network, but when you listed your port forwards it seems reversed? Looking at the interface names, the alix board has the DSL and the WRAP board has the cell (labeled WAN).

Do you have failover / load balancing set up between the two boxes? Are your rules to allow all for the lan side of your networks?

If I'm reading it correctly, you're forwarding from the HSDPA-pfsense directly to the client on the DSL-pfsense. Would you not instead port forward to the interface IP, then on the opposite box pick up the incoming and forward to the client?

HSDPA BOX::: Internet (utorrent) > ALIX(OPT1) >port-forward> WAN | DSL BOX::: LAN(WRAP) >port-forward> MacBook Pro?

instead of

HSDPA BOX::: Internet (utorrent) > ALIX(OPT1) >port-forward> MacBook Pro, I can only see this working if you create a tunnel between the two PFsenses, but I'm a total newb on it all.


mircsicz
Re: Beta5 Port Forwarding Problem
« Reply #3 on: February 16, 2011, 06:43:08 pm »
I've updated the schematics to also show the interface IPs.

Quote
What is the "DSL address" at your second router? There should be the address from the corresponding WAN-interface, say the WAN from the alix.

The "DSL address" on the second router is 10.10.2.2... As you expected!


Quote
I think I've misread something, your diagrams say the WRAP board is connected to the DSL line, and the alix board is connected to the cell network, but when you listed your port forwards it seems reversed? Looking at the interface names, the alix board has the DSL and the WRAP board has the cell (labeled WAN).

Do you have failover / load balancing set up between the two boxes? Are your rules to allow all for the lan side of your networks?

If I'm reading it correctly, you're forwarding from the HSDPA-pfsense directly to the client on the DSL-pfsense. Would you not instead port forward to the interface IP, then on the opposite box pick up the incoming and forward to the client?

HSDPA BOX::: Internet (utorrent) > ALIX(OPT1) >port-forward> WAN | DSL BOX::: LAN(WRAP) >port-forward> MacBook Pro?

instead of

HSDPA BOX::: Internet (utorrent) > ALIX(OPT1) >port-forward> MacBook Pro, I can only see this working if you create a tunnel between the two PFsenses, but I'm a total newb on it all.

Yes, I've set up load balancing:



Here's how I'd describe my forwarding chain, using Transmission on the FreeNAS as an example:

nas.mirco.home (10.10.10.11:31413) -> ALIX 10.10.10.1 LAN -> 10.10.2.2 WAN -> WRAP 10.10.2.1 LAN -> WAN ... all using port 31413

or OpenVPN:
ALIX 10.10.10.1:1194 LAN -> 10.10.2.2 WAN -> WRAP 10.10.2.1 LAN -> WAN ... all using port 1194

or SSH
ALIX 10.10.10.1:222 LAN -> 10.10.2.2:7778 WAN -> WRAP 10.10.2.1:7778 LAN -> WAN

And no, I'm not going to forward any of the ports to the UMTS interface on the ALIX.

Greetz
Mircsicz

mircsicz
Re: Beta5 Port Forwarding Problem
« Reply #4 on: February 20, 2011, 02:04:30 am »
Is there no one out there seeing the mistake/prob?

Here's a screeny of a complete rule, ssh in this case:


When I ssh to the WRAP and try to ssh back to the ALIX all I get is a timeout.
Quote
[1.2.3-RELEASE]
[root@wall.christel.home]/root(2): ssh -p7778 10.10.2.2
ssh: connect to host 10.10.2.2 port 7778: Operation timed out

I even checked with nmap:
Quote
nmap -p7778,31413,1194 10.10.2.2

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-20 01:45 CET
Nmap scan report for mirco.christel.home (10.10.2.2)
Host is up (0.00059s latency).
PORT      STATE    SERVICE
1194/tcp  filtered openvpn
7778/tcp  filtered interwise
31413/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 1.37 seconds

I don't see why this rule doesn't work, please give me a hint!!!


Greetz
Mircsicz

P.S.: I already upgraded to "pfSense-2.0-BETA5-4g-i386-20110216-0353-nanobsd-upgrade.img.gz"


mikeisfly
Re: Beta5 Port Forwarding Problem
« Reply #5 on: February 20, 2011, 06:39:23 am »
I would check under your WAN rules to make sure you are not blocking private networks. Also, if you only have port forwarding on your second NAT, you seem to be making more work for yourself. Why not put the second NAT in a DMZ and then handle your port forwarding there? Hope this helps. Another thing to try is looking at your firewall logs to see what is going on.

mircsicz
Solved: Beta5 Port Forwarding Problem
« Reply #6 on: February 20, 2011, 07:27:11 am »
Quote
I would check under your WAN rules to make sure you are not blocking private networks.

Thanks for opening my eyes, that was the prob!!!

I'll later check to put the ALIX in a DMZ on the WRAP to ease port forwarding...


Greetz
Mirco
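
Added example, not part of the thread or of pfSense itself: a static check for the misconfiguration that resolved this topic, a WAN interface that has an RFC 1918 address (because it sits behind another NAT router) while "block private networks" is enabled. The config fragment is constructed from the addresses in the thread; the element names (`blockpriv`, `ipaddr`) are assumed to follow pfSense's config.xml layout and the interface device names are made up.

```python
import ipaddress
import xml.etree.ElementTree as ET

# RFC 1918 ranges; "block private networks" drops packets that arrive
# on the interface with a source address inside these ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample modelled on the inner router (ALIX) in the thread:
# WAN 10.10.2.2 behind the outer router's LAN 10.10.2.1.
SAMPLE_CONFIG = """
<pfsense>
  <interfaces>
    <wan><if>vr1</if><ipaddr>10.10.2.2</ipaddr><subnet>24</subnet><blockpriv/></wan>
    <lan><if>vr0</if><ipaddr>10.10.10.1</ipaddr><subnet>24</subnet></lan>
  </interfaces>
</pfsense>
"""

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_blockpriv(config_xml):
    """List interfaces with blockpriv set whose own address is RFC 1918,
    meaning their upstream peers are private and will be dropped."""
    findings = []
    for iface in ET.fromstring(config_xml).find("interfaces"):
        if iface.find("blockpriv") is None:
            continue
        addr = iface.findtext("ipaddr", "")
        try:
            if is_rfc1918(addr):
                findings.append((iface.tag, addr))
        except ValueError:
            continue  # "dhcp", "pppoe" or empty: cannot be judged statically
    return findings

def inbound_verdict(config_xml, iface_name, src):
    """Is a packet from src dropped by blockpriv on iface_name before
    any port-forward rule gets a chance to match?"""
    iface = ET.fromstring(config_xml).find(f"interfaces/{iface_name}")
    if iface.find("blockpriv") is not None and is_rfc1918(src):
        return "blocked"
    return "continues to NAT/filter rules"

if __name__ == "__main__":
    print(audit_blockpriv(SAMPLE_CONFIG))
    print(inbound_verdict(SAMPLE_CONFIG, "wan", "10.10.2.1"))
```

A silently dropped packet is what nmap reports as `filtered` and what ssh reports as a timeout, matching the output in Reply #4.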