    Confused about port forwarding

    Firewalling | 23 Posts, 3 Posters, 923 Views
        johnpoz (LAYER 8 Global Moderator) @23roadsdiverged

        @23roadsdiverged you don't need to know the public IPs that want to talk to some internal IP, unless you want to lock it down. But there is nothing in your rules that would stop 10.0.0.x from talking to some public IP. But if you need the public internet to be able to talk to 10.0.0.254, which is behind pfSense, then that would be a port forward on your WAN (WAN address) that forwards the port to that IP.

        Example (screenshot: bydefault.jpg):

        By default pfSense would create the WAN firewall rule to allow the port forward.

        There is no reason you would need a "route" to get to 10.0.0.251, because pfSense knows how to get to anything on your 10.0.0.0/24 network, because it is attached to it.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11


          23roadsdiverged @johnpoz

          @johnpoz Ok, I have cleared out all misconfigured NAT rules and now have only the block Bogon and RFC 1918 ones showing. I then added the rule you described. Here's another thing I don't understand... in the Netgear, this 10.0.0.254 address was not listed in the IPv4 leases... but the 10.0.0.251 was. But the fire panel worked just fine. The 10.0.0.9 IP address listed in the port forwarding also was listed in the IPv4 leases, so I am not sure what that was for (it is also outside of the DHCP range).


            johnpoz (LAYER 8 Global Moderator) @23roadsdiverged

            @23roadsdiverged, if the device is set up with a static IP on the device, then no, it wouldn't be listed in some DHCP server's lease table.


              23roadsdiverged @johnpoz

              Sorry, what I meant was in the Netgear it was listed under "Connected Devices" with the static IP, along with all other connected devices, whether static or dynamic IP.

              In Netgate/pfSense, the only similar screen I have found is the DHCP leases, I don't see where to access a similar "Connected Devices" page like what the Netgear had. But yeah, pfSense only lists static IPs on that list if I manually configure a device that initially shows up as a dynamically assigned IP.


                rcoleman-netgate (Netgate) @23roadsdiverged

                @23roadsdiverged Check the ARP Table.

                Ryan
                Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
                Requesting firmware for your Netgate device? https://go.netgate.com
                Switching: Mikrotik, Netgear, Extreme
                Wireless: Aruba, Ubiquiti


                    23roadsdiverged @rcoleman-netgate

                    @rcoleman-netgate Ok, so when I looked, sure enough the 10.0.0.251 was not showing up in the ARP table. Feel dumb that I didn't realize the "Connected Devices" on the Netgear is the ARP table... I then reassigned the MAC address to 10.0.0.254, and it shows active and now shows up in the ARP table.... I will see if that, combined with the proper port forwarding from @johnpoz allows communication. Ty both!


                      23roadsdiverged @23roadsdiverged

                      @23roadsdiverged said in Confused about port forwarding:

                      @johnpoz
                      Here is the packet sniff for the printer:
                      11:34:49.095174 ARP, Request who-has 10.0.0.201 tell 10.0.0.87, length 46
                      11:34:58.364292 IP 10.0.0.201.5353 > 224.0.0.251.5353: UDP, length 45
                      11:35:00.033978 IP 10.0.0.201.5353 > 224.0.0.251.5353: UDP, length 45
                      11:36:19.876493 ARP, Request who-has 10.0.0.201 tell 10.0.0.83, length 46
                      11:37:10.958889 IP 10.0.0.201.138 > 10.0.0.255.138: UDP, length 215
                      11:37:11.003874 ARP, Request who-has 10.0.0.201 tell 10.0.0.87, length 46
                      11:38:11.019862 IP 10.0.0.201.138 > 10.0.0.255.138: UDP, length 215
                      11:38:41.897896 IP 10.0.0.201.41839 > 8.8.8.8.53: UDP, length 36
                      11:38:41.897990 IP 10.0.0.201.41839 > 8.8.8.8.53: UDP, length 36
                      11:38:41.927469 ARP, Request who-has 10.0.0.201 tell 10.0.0.1, length 28
                      11:38:41.927725 ARP, Reply 10.0.0.201 is-at 00:80:91:b8:42:d5, length 46
                      11:38:41.927741 IP 8.8.8.8.53 > 10.0.0.201.41839: UDP, length 206
                      11:38:41.947990 IP 8.8.8.8.53 > 10.0.0.201.41839: UDP, length 254
                      11:38:42.002268 IP 10.0.0.201.37642 > 8.8.8.8.53: UDP, length 44
                      11:38:42.032853 IP 8.8.8.8.53 > 10.0.0.201.37642: UDP, length 130
                      11:38:42.060924 IP 10.0.0.201.47100 > 8.8.8.8.53: UDP, length 47
                      11:38:42.150572 IP 8.8.8.8.53 > 10.0.0.201.47100: UDP, length 115
                      11:38:42.151309 IP 10.0.0.201.37955 > 8.8.8.8.53: UDP, length 47
                      11:38:42.239046 IP 8.8.8.8.53 > 10.0.0.201.37955: UDP, length 115
                      11:38:42.239685 IP 10.0.0.201.38925 > 8.8.8.8.53: UDP, length 48
                      11:38:42.340426 IP 8.8.8.8.53 > 10.0.0.201.38925: UDP, length 116
                      11:38:42.342240 IP 10.0.0.201.43624 > 8.8.8.8.53: UDP, length 41
                      11:38:42.342288 IP 10.0.0.201.43624 > 8.8.8.8.53: UDP, length 41
                      11:38:42.428810 IP 8.8.8.8.53 > 10.0.0.201.43624: UDP, length 109
                      11:38:42.436669 IP 8.8.8.8.53 > 10.0.0.201.43624: UDP, length 109
                      11:38:43.607172 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 0
                      11:38:43.653268 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 0
                      11:38:43.653674 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 0
                      11:38:43.691144 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 111
                      11:38:43.691554 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 0
                      11:38:43.691796 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 18
                      11:38:43.732928 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 206
                      11:38:43.773247 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 0
                      11:38:43.817188 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 10
                      11:38:43.850739 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 29
                      11:38:43.851159 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 0
                      11:38:43.851611 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 169
                      11:38:43.894592 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 1448
                      11:38:43.894612 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 1448
                      11:38:43.894629 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 1084
                      11:38:43.895250 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 0
                      11:38:43.929558 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 170
                      11:38:43.967681 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 51
                      11:38:43.968876 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 47
                      11:38:44.010279 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 245
                      11:38:44.036481 IP 10.0.0.201.56031 > 8.8.8.8.53: UDP, length 44
                      11:38:44.050500 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 0
                      11:38:44.074175 IP 8.8.8.8.53 > 10.0.0.201.56031: UDP, length 130
                      11:38:44.075845 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 41
                      11:38:44.115549 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 47
                      11:38:44.116014 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 0
                      11:38:44.116295 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 59
                      11:38:44.151756 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 0
                      11:38:44.152189 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 47
                      11:38:44.152632 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 47
                      11:38:44.243954 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 0
                      11:38:56.070231 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 192
                      11:38:56.070872 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 35
                      11:38:56.107991 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 77
                      11:38:56.108724 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 0
                      11:38:56.109364 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 0
                      11:38:56.147361 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 0

                      This packet capture is for when the printer is trying to send a scanned page out through the email.


                        johnpoz (LAYER 8 Global Moderator) @23roadsdiverged

                        @23roadsdiverged said in Confused about port forwarding:

                        11:38:42.239685 IP 10.0.0.201.38925 > 8.8.8.8.53: UDP, length 48
                        11:38:42.340426 IP 8.8.8.8.53 > 10.0.0.201.38925: UDP, length 116

                        Well, clearly the printer is talking to the internet; there it is sending DNS and getting an answer.

                        11:38:43.607172 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 0
                        11:38:43.653268 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 0
                        11:38:43.653674 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 0
                        11:38:43.691144 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 111
                        11:38:43.691554 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 0
                        11:38:43.691796 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 18
                        11:38:43.732928 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 206
                        11:38:43.773247 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 0
                        11:38:43.817188 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 10
                        11:38:43.850739 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 29

                        Here it is talking to what is an email server, because the port is 587. So whatever your problem is, it isn't a firewall issue.


                          23roadsdiverged @johnpoz
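The reasoning johnpoz applies to the capture above (a reply from the far end means the firewall let the flow out; payload coming back means the application layer was reached, so the fault is higher up) can be checked mechanically. The following is an added example, not code from the thread or from pfSense: a small parser over tcpdump lines in the format posted, grouping them into LAN-side flows. The first lines are copied from the posted capture; the final line to 192.0.2.10 port 25 is constructed to show an unanswered attempt.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: lines copied from the capture quoted in the thread, plus one
# constructed line (192.0.2.10:25) that never gets a reply.
CAPTURE = """\
11:38:41.927725 ARP, Reply 10.0.0.201 is-at 00:80:91:b8:42:d5, length 46
11:38:42.239685 IP 10.0.0.201.38925 > 8.8.8.8.53: UDP, length 48
11:38:42.340426 IP 8.8.8.8.53 > 10.0.0.201.38925: UDP, length 116
11:38:43.607172 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 0
11:38:43.653268 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 0
11:38:43.691144 IP 52.96.182.194.587 > 10.0.0.201.50587: tcp 111
11:38:43.691796 IP 10.0.0.201.50587 > 52.96.182.194.587: tcp 18
11:38:50.000000 IP 10.0.0.201.40000 > 192.0.2.10.25: tcp 0
"""

# Matches both "UDP, length N" and "tcp N" as tcpdump prints them.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<proto>UDP|tcp)(?:, length | )(?P<len>\d+)"
)


def parse_flows(text, lan_net="10.0.0.0/24"):
    """Group packets by (remote IP, remote port, proto); count each direction."""
    net = ipaddress.ip_network(lan_net)
    flows = defaultdict(lambda: {"out": 0, "in": 0, "in_bytes": 0})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ARP and other non-IP lines are not part of a flow
        src, dst, proto = m["src"], m["dst"], m["proto"].lower()
        if ipaddress.ip_address(src) in net:  # LAN host -> internet
            flows[(dst, int(m["dport"]), proto)]["out"] += 1
        else:  # internet -> LAN host: the reply made it back through the firewall
            key = (src, int(m["sport"]), proto)
            flows[key]["in"] += 1
            flows[key]["in_bytes"] += int(m["len"])
    return dict(flows)


def classify(flows):
    """no_reply: look at firewall/NAT; answered_with_data: look above layer 4."""
    result = {}
    for key, c in flows.items():
        if c["in"] == 0:
            result[key] = "no_reply"
        elif c["in_bytes"] > 0:
            result[key] = "answered_with_data"
        else:
            result[key] = "answered"  # handshake only, no application data yet
    return result
```

Running `classify(parse_flows(CAPTURE))` marks the DNS and port 587 flows as answered with data, which is the "not a firewall issue" verdict, and only the constructed port 25 flow as unanswered.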

                          @johnpoz OK, ty, yes. It turned out to be a password issue. Thank you for your help. Now I just need to figure out the fire panel.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.