Proxmox Pfsense only 1 public IP

stephenw10 · Oct 21, 2022, 11:12 AM

Those screenshots are both of the firewall rules. Can we see the port forward?

Where are you testing it from? Where is the client?

I would also start with something easier to test directly like SSH and make sure that works.

Steve

Faker03 · Oct 21, 2022, 11:17 AM

@stephenw10
Sry my bad i hvae picked the Wrong Screenshot.

🔒 Log in to view

This is the Port Forwarding.
I will test it now with SSH

Elias

Faker03 · Oct 21, 2022, 11:30 AM

Also with SSH i get a refused connection.

🔒 Log in to view

stephenw10 · Oct 21, 2022, 11:33 AM

Do you see any states created in pfSense on either of those ports?

The port forwards looks correct. It seem like that traffic never reaches the pfSense WAN.

Steve

Faker03 · Oct 21, 2022, 11:36 AM

@stephenw10
🔒 Log in to view

These states i see but there is nothing visibe that the Rejected or Something like that.

Faker03 · Oct 21, 2022, 11:46 AM

It seems that it was this checkmark

🔒 Log in to view

Thanks for your help!
Elias

stephenw10 · Oct 21, 2022, 11:48 AM

So 10.0.0.2 is the pfSense WAN IP and 10.0.0.1 is the Proxmox host? Or some other VM you are testing from?

We do see that one SIP packet from some external address. And pfSense has opened a state for it so its being passed. Your WAN firewall rules are currently wide open.

Make sure you are actively trying to open an SSH connection when you check the states.

Steve

stephenw10 · Oct 21, 2022, 11:49 AM

It was the checksum off-loading? You were using vtnet NICs in Proxmox?

Faker03 · Oct 21, 2022, 11:57 AM

@stephenw10
Yes 10.0.0.1 is the Proxmox and 10.0.0.2 is the Pfsense.
I´m looking while i try to connnect to SSH. There are no new entries.

stephenw10 · Oct 21, 2022, 11:59 AM

But you are now able to connect to the Minecraft server with hardware checksum off loading disabled?

Faker03 · Oct 21, 2022, 11:59 AM

@stephenw10 It was working for 10 sec then the SSH refused again.
I think that i use vtnet on Nic but i dont know what this mean.

Faker03 · Oct 21, 2022, 12:02 PM

@stephenw10 no at the moment it does not work.

stephenw10 · Oct 21, 2022, 1:05 PM

Ok, where are you testing from? What is the source address?

The pfSense WAN is wide open so you should see states created for any traffic that hits it. It looks like your test traffic never makes it to pfSense so either Proxmox is not forwarding it or it never arrives at Proxmox.

Steve

Faker03 · Oct 21, 2022, 1:11 PM

@stephenw10
I have on the LAN a DHCP configured with the IP net 192.168.1.1/24 so the Container in Proxmox getting an IP from that.
I´ve checked the Ip adress with the NAT Rules.
I also checked the status from the SSH Server

So far as i know should be the rules forward all traffic to the pfsense.

🔒 Log in to view

🔒 Log in to view
🔒 Log in to view

stephenw10 · Oct 21, 2022, 1:26 PM

It doesn't look like a problem with the container, the traffic is not reaching the pfSense WAN.

How are you accessing the pfSense webgui? From the same place? What is that place? Something outside the Proxmox public IP?

Steve

Faker03 · Oct 21, 2022, 1:42 PM

@stephenw10
I acces the Pfsense via SSh over the Proxmox.
I map the Port to my Localhost
So via localhost 🔒 Log in to view

stephenw10 · Oct 21, 2022, 1:49 PM

Ah, OK.

You should be able to access it directly if Proxmox is correctly forwarding all traffic to the pfSense WAN. That should include port 443 to the pfSense webgui.

Faker03 · Oct 21, 2022, 2:01 PM

@stephenw10
I know that i was able to do that but at the moment it do not work. So it seems that Proxmox do not forward all traffic ?

stephenw10 · Oct 21, 2022, 2:18 PM

That's what it looks like to me.