Thank you

Renato

Thanks for your help guys! Actually, Centurylink does block port 25, on home and business lines. If you have leased static IP, and we do, you can go into the IP tool manager and open port 25. Just did that and all is good! Here's the link: http://internethelp.centurylink.com/internethelp/email-troubleshooting-port25.html

I removed those two outbound rules in pfSense.

For starters are you behind a NAT?  Did you tread the port forwarding troubleshooting guide?  Did you go through the steps there?

https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

Does your ISP even allow inbound traffic to 80 or 443.. Many of them may block this because your not allow to run servers on their service - check with your ISP.  Per the troubleshooting guide.. Sniff on your wan in pfsense packet capture, go to canyouseeme.org and generate traffic - do you see it in your sniff.. If not then your behind a nat that is not forwarding to you, or you isp is blocking, etc.

Ok, after writing this long post I tried to disable the tftp proxy. Don't know why I didn't do this in the first place. However now this works.

Still I don't understand why the tftp proxy intercepts the udp traffic. Is this the right behavior? And is there a defect in the tftp proxy? If it is there it should be working, right?

-flo-

True your forward needs to be to your actual server running owncloud not a network.

Sorry for the slow response.  I've been meaning to post a followup for a while…

Because of the way pfSense stores rules in XML, scripting this would involve parsing out tags and generating matching NAT/PASS rules.  I concluded that the right way to to this is by enhancing easyrule to support generating NAT rules, which I don't think would be too difficult.

It turned out to be unnecessary in my case, though.  I found out that HTcondor has a feature called "connection broker" that allows nodes to communicate with the scheduler from behind NAT just by switching it on and specifying the address of the scheduler.  It eliminates the need for the scheduler to connect to other nodes and instead routes all traffic through a connection initiated from the node to the scheduler (which I think is how it should have been done in the first place, but better late than never).  Hence, as long as the scheduler isn't behind NAT, there's no need for port forwarding.

Regards,

Jason

Openvpn? Give the openvpn client non-routable ip and 1:1 on that ? At least it should work in theory.

@johnpoz:

So your trying to ftp working with telnet?

"telnet ftp-server 21"

Good catch didn't see that, usually the simplest answer is the correct one. Unless he just made a typo.

Ok, so what happens if you just type 'nslookup www.google.com', leaving out the '8.8.8.8'? Do you still get a reply? If not, then the problem is that your client doesn't have a valid DNS server defined in it's network config. If you do get a positive reply, then the issue is probably with the browser you're using - aka: it will have a proxy server set in the browser config which doesn't exist, or something like that.

Tells you right in your error

Response:  227 Entering Passive Mode (192,168,1,12,26,8).
Status:  Server sent passive reply with unroutable address. Using server address instead.

Before the helper/proxy use to change that IP to the public - now there there is no helper/proxy your ftp server has to send the actual public IP.  Read the doc dok linked too.

I change the processor type from kvm64 to qemu64

@dotdash:

Try creating an alias on the WAN like 10.215.221.1/25, then create CARP VIPs for 10.215.221.2,3,4,etc. Then use the CARP VIPs for 1-1s or port forwards. You should also be able to use 'Other' VIPs, but CARP type are more flexible.

Great, it works perfectly, even if I don't create the alias on the WAN, just  with the CARP VIPs.

Thank you!

I still see incoming ports randomizing.

Anyone have any more ideas?

I think I know what the problem is, .. however I'm not sure how to solve this

from what i gather

tcp:

however, ..

WAN2 is a secundairy gateway while WAN1 is the default gateway, .. traffic is comming in through WAN2, however since the WAN1 is the default gateway of the client, it responds through WAN1, connection failed.

Exactly like johnpoz said earlier.

edit:

yes, if i change the route for that specific ip i can connect to the tcp, however now my question how can i make a dynamic route so that when I connect to it that traffic goes through the correct gateway. And that's why UDP works. It all makes sense now.

can this be solved with a routing daemon?

"as I am unable to NAT outbound traffic on WAN 1 to a WAN 2 IP"

How would that have ever worked??  Makes no sense that would work.

Thank you! You made my day.
I was looking for this answer a couple of weeks!