Issue to manage pfsense from internet

Gertjan

@rjcab said in Issue to manage pfsense from internet:

If I focus on 'NAT pve', I don't know how to investigate further to identify the cause.

You know where the traffic arrives : the WAN interface.
You should know what WAN IP you have : [https://www.whatismyip.com/) : click and you'll know ^^
You know what destination port is used : 8006
You know what protocol is used : TCP.

Now you know enough to check if traffic arrives at the WAN gates :

Hit start, and go drink a coffee at your neighbors place. Use their Internet access again, and visit the IP you've found as you WAN IPv4.
That all there is.

If the Packet Capture starts to capture packets, you know traffic comes into the WAN interface.
Traffic you've emitted ? Easy to check also as the source IPv4 should be the IP you used when you were at your neighbors place.

If all this went well, you've proven a very important step : does the traffic arrive at your pfsense as it is totally a waste of time if the traffic isn't even arrive at your pfSense. This can happen if you were using an upstream ISP router : you have to NAT that router also.
Your ISP could also block incoming connection ...
Or you use some sort of CGNAtted IP (given to you by your ISP) so you can't access your pfSense whatever you try.

YannTKO

Or use tailscale to access to your LAN devices (easy to setup).

rjcab

@Gertjan

so traffic goes to LAN Interface:

But how to see if the Ip of proxmox is reached ? (192.168.1.252) ?

Gertjan

@rjcab

I don't know where this 192.168.10.253 comes from.

rjcab

@Gertjan ,

here below, more clear:

With my Lan 192.168.1.0/24 I have my proxmox server in 192.168.1.252

Gertjan

@rjcab

Ah, ok, more clear now.

What does this capture tell you

?

rjcab

@Gertjan so traffic comes in:

So it seems no issue from the FW itself

When I did the same within my LAN https://192.168.1.252:8006/, it works but no packet captures from my laptop (192.168.1.220)

Gertjan

@rjcab

Ok, looks like the traffic reaches 192.168.1.252 port 8006.

Now, check this 192.168.1.252 port 8006 device if it accepts traffic from :

rjcab

@Gertjan said in Issue to manage pfsense from internet:

192.168.1.252 port 8006 device if it accepts traffic from

sorry still new in pfsense but how can I check if it accepts ?

Gertjan

@rjcab said in Issue to manage pfsense from internet:

I have my proxmox server in 192.168.1.252

Proxmox is not pfSense.
Who admins this 192.168.1.252 ? Go ask why it doesn't accept traffic from

rjcab

@Gertjan the Admin is myself :-)

It accepts when I do from LAN but no from WAN whereas traffic seems come in :-)

Gertjan

@rjcab said in Issue to manage pfsense from internet:

It accepts when I do from LAN but no from WAN whereas traffic seems come in :-)

And that's a pretty good default security setting.
But you've decided to admin this device also from 'the internet'.

I'm pretty sure the device has settings, so it's time to inform the device it should also accept connection from the Internet.
Exactly like "MS RDP".