Netgate Discussion Forum

    Port Forward does not work..

    Category: Firewalling
    Tags: help, nat, nat rules, firewall, firewall rules
    71 Posts 5 Posters 13.9k Views
    • R
      root1ng LAYER 8 @Bob.Dig
      last edited by root1ng

      @Bob-Dig said in Port Forward does not work..:

      @root1ng Disable this checkbox on all the VM NICs, on your pfSense and your Linux Server.

      I am running TS on a Linux VM (Debian) behind a pfSense VM on Proxmox too, it is running fine for me, just checked. 😉

      Deactivated but without result..

      edit: And I gave a restart to be sure of both

      Bob.DigB johnpozJ 2 Replies Last reply Reply Quote 0
      • Bob.DigB
        Bob.Dig LAYER 8 @root1ng
        last edited by Bob.Dig

        @root1ng Maybe the host firewall, what Linux are you using exactly?
        Maybe a routing problem, you could show us your proxmox network.

        In the beginning you had no hits at all on your rules. Have you fixed something or is your testing flawed otherwise? Send me your IP, I will check if I can connect.

        Also show your rules on that VM's LAN.

        R 1 Reply Last reply Reply Quote 0
        • R
          root1ng LAYER 8 @Bob.Dig
          last edited by root1ng

          @Bob-Dig said in Port Forward does not work..:

          @root1ng Maybe the host firewall, what Linux are you using exactly?
          Maybe a routing problem, you could show us your proxmox network.

          In the beginning you had no hits at all on your rules. Have you fixed something or is your testing flawed otherwise? Send me your IP, I will check if I can connect.

          Also show your rules on that VM's LAN.

          Datacenter, Node and all VMs firewalls are disabled;
          I am using Ubuntu Server Pro 22.04.03;
          Proxmox network attached:
          Screenshot_9.png
          The idea is that traffic appears in pfSense to the rules in the firewall, but only when I check the ports.
          My IP sent privately in dm.

          TeamSpeak3 Server VM Networking:
          Screenshot_10.png

          Bob.DigB 1 Reply Last reply Reply Quote 0
          • Bob.DigB
            Bob.Dig LAYER 8 @root1ng
            last edited by

            @root1ng Why is Firewall still checked? Disable it. Also show your pfSense LAN rules for that Linux VM.

            R 2 Replies Last reply Reply Quote 0
            • R
              root1ng LAYER 8 @Bob.Dig
              last edited by

              @Bob-Dig said in Port Forward does not work..:

              @root1ng Why is Firewall still checked? Disable it. Also show your pfSense LAN rules for that Linux VM.

              I told you that I deactivated them earlier and I deactivate them for nothing. Nothing happens

              Bob.DigB 1 Reply Last reply Reply Quote 0
              • Bob.DigB
                Bob.Dig LAYER 8 @root1ng
                last edited by

                @root1ng It looks like your linux VM is in the Management network?

                1 Reply Last reply Reply Quote 0
                • R
                  root1ng LAYER 8 @Bob.Dig
                  last edited by

                  @Bob-Dig said in Port Forward does not work..:

                  @root1ng Why is Firewall still checked? Disable it. Also show your pfSense LAN rules for that Linux VM.

                  This is what you are talking about?
                  Screenshot_11.png

                  Bob.DigB 1 Reply Last reply Reply Quote 0
                  • Bob.DigB
                    Bob.Dig LAYER 8 @root1ng
                    last edited by

                    @root1ng Yep, that is good.

                    1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator @root1ng
                      last edited by johnpoz

                      @root1ng if you're not seeing the test from the outside on your .6 box, but you're seeing it from your local .5 box.. When clearly pfSense sent the traffic on.. then you have something filtering it..

                      Even if the firewall on the VM was filtering it from the application, the sniff should still show it.

                      pfSense has no job other than to send the traffic to the IP you say to send it to - it has no control after it puts the traffic on the wire.. Clearly it's putting it on the wire from your sniff. If you're not seeing it at the end device.. Is it sending it to the correct MAC? Have to assume so since you say that other 33 port is working.

                      Even if you had some firewall blocking it on pfSense in the outbound direction, on your LAN - the sniff you show on the LAN side interface showing it was sent wouldn't show that if you had, say, a floating rule blocking it in the outbound connection..

                      You have something preventing the 9987 from getting to your VM, if you sniff and see pfSense put it on the wire, but your VM never sees it. Even if the VM wasn't listening or had a firewall blocking it.. The sniff should show that that traffic got there. So maybe you have something in your VM host preventing it from sending it on to the VM, or sending it to the wrong VM.. Or something else filtering traffic from getting there - ACL on a switch? Something in WiFi if that is in use..

                      But if pfSense put it on the wire, pfSense's job is done.. There is nothing else for pfSense to do..

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      Bob.DigB 1 Reply Last reply Reply Quote 0
                      • Bob.DigB
                        Bob.Dig LAYER 8 @johnpoz
                        last edited by

                        @johnpoz Yeah, I could even connect to it, only OP can't do it to the public IP.

                        johnpozJ 1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator @Bob.Dig
                          last edited by johnpoz

                          @Bob-Dig I no longer have my Proxmox box to play with, so I cannot test anything with Proxmox.. But from what he shows pfSense put the traffic on the wire - if the destination is not getting it, that's nothing to do with pfSense.

                          I would sniff on the Proxmox host to validate the traffic gets to it.. Then you for sure would know that it's Proxmox where the problem is.

                          edit: I even validated whether, if you have a floating rule outbound to block it, the pfSense sniff would maybe show it going out the wire, even though it really wasn't

                          And when I block it with an outbound floating rule on the LAN, the sniff never shows it going anywhere.. So it can't even be something like that.. Because he shows a sniff on pfSense sending on the traffic


                          R 1 Reply Last reply Reply Quote 0
                          • R
                            root1ng LAYER 8 @johnpoz
                            last edited by

                            @johnpoz said in Port Forward does not work..:

                            @Bob-Dig I no longer have my Proxmox box to play with, so I cannot test anything with Proxmox.. But from what he shows pfSense put the traffic on the wire - if the destination is not getting it, that's nothing to do with pfSense.

                            I would sniff on the Proxmox host to validate the traffic gets to it.. Then you for sure would know that it's Proxmox where the problem is.

                            edit: I even validated whether, if you have a floating rule outbound to block it, the pfSense sniff would maybe show it going out the wire, even though it really wasn't

                            And when I block it with an outbound floating rule on the LAN, the sniff never shows it going anywhere.. So it can't even be something like that.. Because he shows a sniff on pfSense sending on the traffic

                            Yes, it seems that from outside the network I can connect with the public IP, from inside the network (WiFi or Cable) I can't connect at all with the public address..
                            I don't understand what I have to check with Proxmox, because everything is default and I have nothing to change.

                            johnpozJ 1 Reply Last reply Reply Quote 0
                            • johnpozJ
                              johnpoz LAYER 8 Global Moderator @root1ng
                              last edited by

                              @root1ng said in Port Forward does not work..:

                              from inside the network (WiFi or Cable) I can't connect at all with the public address.

                              You're trying this from inside?? For that to work you would need to set up NAT reflection.


                              R 1 Reply Last reply Reply Quote 0
                              • R
                                root1ng LAYER 8 @johnpoz
                                last edited by

                                @johnpoz said in Port Forward does not work..:

                                You're trying this from inside?? For that to work you would need to set up NAT reflection.

                                Yes, from the inside, no, I don't have NAT Reflection active.
                                Do I activate it globally or for each individual rule?

                                johnpozJ 1 Reply Last reply Reply Quote 0
                                • johnpozJ
                                  johnpoz LAYER 8 Global Moderator @root1ng
                                  last edited by johnpoz

                                  @root1ng you can do it either way.. But with something like this you could have a problem.. But if you're hitting the WAN IP from the inside and not seeing traffic being sent on - that would be due to no NAT reflection setup.

                                  You might have to do a full proxy setup - not really a fan of NAT reflection, it's an abomination if you ask me ;)

                                  But the problem is, even if you reflect, if the source IP is local to where you're sending it, and that something answers directly back.. The client might say hey wait a minute - I sent this traffic to MAC abc (its gateway), why is MAC xyz answering me.. You can see this very easily with DNS and redirection.. There are plenty of posts around here going over that specific scenario..

                                  But that really has nothing to do with plex doing the job of the port forward, but if you want plex to send the traffic to 1.6 when you hit your public IP from the LAN side, that would need a NAT reflection to be set up.


                                  R 3 Replies Last reply Reply Quote 0
                                  • R
                                    root1ng LAYER 8 @johnpoz
                                    last edited by root1ng

                                    @johnpoz said in Port Forward does not work..:

                                    @root1ng you can do it either way.. But with something like this you could have a problem.. But if you're hitting the WAN IP from the inside and not seeing traffic being sent on - that would be due to no NAT reflection setup.

                                    Ok, and do I enable nat reflection in Firewall - NAT - Port Forward for each rule added for the teamspeak server, or do I enable it globally from System > Advanced > Nat Reflection for Port Forward?

                                    I think it's the same thing, but it's better to ask than to do another stupid thing :))

                                    johnpozJ 1 Reply Last reply Reply Quote 0
                                    • johnpozJ
                                      johnpoz LAYER 8 Global Moderator @root1ng
                                      last edited by

                                      @root1ng I made some edits about nat reflection on my previous post, but you can set it up when you do the forward.


                                      1 Reply Last reply Reply Quote 0
                                      • R
                                        root1ng LAYER 8 @johnpoz
                                        last edited by

                                        @johnpoz said in Port Forward does not work..:

                                        But the problem is, even if you reflect, if the source IP is local to where you're sending it, and that something answers directly back.. The client might say hey wait a minute - I sent this traffic to MAC abc (its gateway), why is MAC xyz answering me.. You can see this very easily with DNS and redirection.. There are plenty of posts around here going over that specific scenario..

                                        But that really has nothing to do with plex doing the job of the port forward, but if you want plex to send the traffic to 1.6 when you hit your public IP from the LAN side, that would need a NAT reflection to be set up.

                                        Ok and how do I do these settings? What should be set exactly? I don't understand, Pure NAT or NAT + Proxy or are there more advanced settings that need to be done?

                                        1 Reply Last reply Reply Quote 0
                                        • R
                                          root1ng LAYER 8 @johnpoz
                                          last edited by

                                          @johnpoz said in Port Forward does not work..:

                                          @root1ng you can do it either way.. But with something like this you could have a problem.. But if you're hitting the WAN IP from the inside and not seeing traffic being sent on - that would be due to no NAT reflection setup.

                                          You might have to do a full proxy setup - not really a fan of NAT reflection, it's an abomination if you ask me ;)

                                          But the problem is, even if you reflect, if the source IP is local to where you're sending it, and that something answers directly back.. The client might say hey wait a minute - I sent this traffic to MAC abc (its gateway), why is MAC xyz answering me.. You can see this very easily with DNS and redirection.. There are plenty of posts around here going over that specific scenario..

                                          But that really has nothing to do with plex doing the job of the port forward, but if you want plex to send the traffic to 1.6 when you hit your public IP from the LAN side, that would need a NAT reflection to be set up.

                                          I think I solved it and I hope I did the right thing, I changed the global settings, I'm attaching a picture below, is it okay?
                                          By the way, this is how I can connect with the public IP from LAN/WiFi.
                                          Without those two checked boxes I can't connect. (1:1 and outbound)

                                          Screenshot_12.png

                                          R 1 Reply Last reply Reply Quote 0
                                          • R
                                            root1ng LAYER 8 @root1ng
                                            last edited by

                                            @root1ng said in Port Forward does not work..:

                                            @johnpoz said in Port Forward does not work..:

                                            @root1ng you can do it either way.. But with something like this you could have a problem.. But if you're hitting the WAN IP from the inside and not seeing traffic being sent on - that would be due to no NAT reflection setup.

                                            You might have to do a full proxy setup - not really a fan of NAT reflection, it's an abomination if you ask me ;)

                                            But the problem is, even if you reflect, if the source IP is local to where you're sending it, and that something answers directly back.. The client might say hey wait a minute - I sent this traffic to MAC abc (its gateway), why is MAC xyz answering me.. You can see this very easily with DNS and redirection.. There are plenty of posts around here going over that specific scenario..

                                            But that really has nothing to do with plex doing the job of the port forward, but if you want plex to send the traffic to 1.6 when you hit your public IP from the LAN side, that would need a NAT reflection to be set up.

                                            I think I solved it and I hope I did the right thing, I changed the global settings, I'm attaching a picture below, is it okay?
                                            By the way, this is how I can connect with the public IP from LAN/WiFi.
                                            Without those two checked boxes I can't connect. (1:1 and outbound)

                                            Screenshot_12.png

                                            edit:
                                            But that's not good, I connect and my IP changes to 172.16.1.1 which is actually the pfSense gateway.
                                            Connecting with the public ip or dns I am assigned 172.16.1.1, if I connect with 172.16.1.6 I am assigned 172.16.1.5, I did something wrong..

                                            V 1 Reply Last reply Reply Quote 0
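
Added example, not part of the thread and not pfSense's own code: a small Python model of the hairpin path discussed in the posts above, tracing a LAN client that contacts the forwarded port through the public IP with no reflection, with destination rewrite only, and with the source translated as well (the case where the server reports the client as 172.16.1.1). The public IP 203.0.113.10 is a constructed placeholder, and the client port, mode names and the model itself are assumptions.

```python
"""Toy model of NAT reflection (hairpin NAT) on one LAN segment."""
from dataclasses import dataclass, replace

# LAN addresses and the port are the ones quoted in the thread; WAN_IP is a
# constructed placeholder from the documentation range, not the poster's IP.
WAN_IP = "203.0.113.10"
GATEWAY = "172.16.1.1"   # pfSense LAN address
SERVER = "172.16.1.6"    # TeamSpeak VM
CLIENT = "172.16.1.5"    # LAN client
PORT = 9987


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def hairpin(mode, client=CLIENT, cport=50000):
    """Trace one request/reply from a LAN client to WAN_IP:PORT.

    mode: "off" (no reflection), "pure" (destination rewrite only) or
    "pure+outbound" (destination rewrite plus source translation).
    Returns (outcome, source address the server sees).
    """
    request = Packet(client, cport, WAN_IP, PORT)
    if mode == "off":
        # The port forward only matches traffic arriving on WAN.
        return "not_forwarded", None
    fwd = replace(request, dst=SERVER)          # reflection rewrites dst
    if mode == "pure+outbound":
        fwd = replace(fwd, src=GATEWAY)         # and, here, the source too
    # The server answers whatever source address it saw.
    reply = Packet(SERVER, PORT, fwd.src, fwd.sport)
    if reply.dst == GATEWAY:
        # Reply passes back through the firewall, whose state entry undoes
        # both translations (source port kept unchanged for simplicity).
        reply = Packet(WAN_IP, PORT, client, cport)
    # The client only accepts an answer from the address it contacted.
    ok = (reply.src, reply.sport) == (request.dst, request.dport)
    return ("connected" if ok else "reply_rejected"), fwd.src


def sources_seen(mode, clients):
    """Distinct client addresses the server would log for these clients."""
    return {hairpin(mode, client=c)[1] for c in clients}


if __name__ == "__main__":
    for m in ("off", "pure", "pure+outbound"):
        print(m, hairpin(m))
```

With source translation every reflected LAN client reaches the server as 172.16.1.1, so per-IP logs, bans and rate limits on the server can no longer tell those clients apart.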
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.