Netgate Discussion Forum

    Pfsense and OVH Configuration [HELP]

    • infiniteX

      I have a dedicated server with two failover IPs: WAN IP 51.123.123.123 (1st Failover) and LAN IP 192.168.1.101. On this server, I've set up a virtual machine using a virtual IP (VIP) of 51.123.123.124 where I've installed my web server, CentOS 7.

      To ensure external access to my applications, I've set up NAT port forwarding for ports 1433 (database) and 39101 (login). These ports are open and properly configured, as confirmed by online port checking tools like https://www.yougetsignal.com/tools/open-ports/.

      The issue I'm facing is that while login attempts on port 39101 are successful, attempts to access the database on port 1433 are failing. Oddly, when attempting to access the database from outside the WAN, it works perfectly. My goal is to enable communication from port 1433 to port 39101 within my server's setup.

      I'm relatively new to this, so any guidance or assistance in resolving this issue would be greatly appreciated.

      • stephenw10 Netgate Administrator

        If you're using the external IP, or a hostname that resolves to the external IP, to access that you will need to use split DNS or NAT reflection.

        See: https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html

        Steve

        • infiniteX @stephenw10

          @stephenw10 Thank you for the response, but it's still the same. It is still denying attempts to access the database from 1433 going to port 39101.

          • stephenw10 Netgate Administrator

            Between which hosts? How are you connecting?

            • infiniteX @stephenw10

              @stephenw10 I'm connecting to the WAN address using an IP alias, a virtual IP (VIP) specifically. Within my CentOS 7 machine, I've set up port openings for two services: port 39101 for the web server and port 1433 for the database server. Both services are hosted on the same CentOS machine.

              When attempting to access port 39101 for the web server, there are no issues, and I can successfully log in. However, when I attempt to access port 1433 for the database server, the connection is initially established but then abruptly closes, without encountering any errors.

              Upon examining the server logs, it becomes apparent that port 1433 is being opened but then subsequently closed. This behavior is unexpected and is hindering the intended communication between these ports.

              nat.png

              • stephenw10 Netgate Administrator

                Check the states in Diag > States when you're trying to connect to see what the firewall is doing. If it gets immediately rejected, though, it sounds like it could be forwarding correctly and the CentOS server is blocking it.

                • infiniteX @stephenw10

                  @stephenw10 Here is the result. I tried to spam the login so we can capture the result.

                  6d65929a-de0a-4d55-94fc-1a0ff31502f0-image.png

                  • stephenw10 Netgate Administrator

                    Those states are for 38101 and you said 39101 above. But I see no states at all for 1433.
                    Is that traffic actually arriving at the WAN? Try adding logging to the pass rule on WAN. Or run pcap for port 1433 on WAN.

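The outcomes this thread keeps circling (traffic that never reaches WAN, a SYN that arrives but gets no reply, and a connection that opens and is then closed) can be told apart from a WAN capture. This is an added example, not part of the original posts: it classifies each port from capture text in the format `tcpdump -n` prints. The sample capture, the client address 203.0.113.10 and the function names are constructed for illustration.

```python
import re

# tcpdump -n text line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([A-Z.]+)\]")

# Constructed WAN capture: 38101 connects and is then closed; nothing for 1433.
SAMPLE = """\
18:11:08.100000 IP 203.0.113.10.50000 > 51.123.123.124.38101: Flags [S], seq 100, win 64240, length 0
18:11:08.101000 IP 51.123.123.124.38101 > 203.0.113.10.50000: Flags [S.], seq 900, ack 101, win 65160, length 0
18:11:08.120000 IP 203.0.113.10.50000 > 51.123.123.124.38101: Flags [.], ack 1, win 502, length 0
18:11:08.130000 IP 203.0.113.10.50000 > 51.123.123.124.38101: Flags [P.], seq 1:33, ack 1, win 502, length 32
18:11:08.131000 IP 51.123.123.124.38101 > 203.0.113.10.50000: Flags [F.], seq 1, ack 33, win 509, length 0
"""

def verdict(events):
    """Map the TCP events seen for one port to a troubleshooting verdict."""
    if "syn" not in events:
        return "never arrived at WAN"        # look upstream of the firewall
    if "synack" not in events:               # forwarded-and-refused vs. silently dropped
        return "rejected by target" if "server_rst" in events else "arrived, no reply"
    if events & {"server_rst", "server_fin"}:
        return "established, then closed by server side"
    return "established"

def classify(capture_text, server_ip, ports):
    """Return {port: verdict} for TCP traffic to server_ip in a WAN capture."""
    seen = {p: set() for p in ports}
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if dst == server_ip and int(dport) in seen:
            port, from_server = int(dport), False
        elif src == server_ip and int(sport) in seen:
            port, from_server = int(sport), True
        else:
            continue
        if flags == "S" and not from_server:
            seen[port].add("syn")
        elif from_server and flags == "S.":
            seen[port].add("synack")
        elif from_server and "R" in flags:
            seen[port].add("server_rst")
        elif from_server and "F" in flags:
            seen[port].add("server_fin")
    return {p: verdict(ev) for p, ev in seen.items()}

print(classify(SAMPLE, "51.123.123.124", [38101, 1433]))
```
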
                    • infiniteX @stephenw10

                      @stephenw10 Sorry, how do I perform a pcap for 1433 on WAN?

                      • stephenw10 Netgate Administrator

                        In Diag > Packet Capture like:

                        Screenshot from 2023-10-11 18-11-08.png

                        • infiniteX @stephenw10

                          @stephenw10 Hi, based on the record, it didn't reach port 1433. It just got stuck at 38101.

                          • stephenw10 Netgate Administrator

                            Well, pfSense can't forward traffic that never arrives. 😉

                            Maybe that port is blocked by OVH or your ISP.

                            Steve

                            • infiniteX @stephenw10

                              @stephenw10 Hello sir Steve. I got some error.

                              5e1b059b-c4a4-48d2-a293-d6e6bbcfcf92-image.png
                              I attempted to use SSH to access a CentOS 8 database server. Additionally, I used telnet to check port 38101. The connection was established, but it abruptly closed.

                              53fe7738-5270-4289-a0f3-0ee5019210d9-image.png

                              Port Forward Config

                              a73e1bed-758e-40c4-beff-f7e0751e96e8-image.png
                              Nat 1:1 Config and Outbound = Hybrid

                              2fcf087f-fefc-41a3-bba9-ced2740dd3ff-image.png
                              WAN Config

                              dfcb90c4-1b9c-4d29-82d9-bd1fe36d2973-image.png
                              NAT Config

                              • stephenw10 Netgate Administrator

                                What do the states show when you test that?

                                I assume that CentOS alias contains the correct two ports?

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.