Dual Wan, Portforward not working on OPT-Wan

tec

Hi I still have problems to get Dual Wan and Portforwarding on the Opt-Wan working.
normal Wan- PPPoe
Wan2 - Static IP behind a bridge-Modem
Wan3 - Ip by DHCP
First I did all the "Advanced Outbound Nats for the Connections" without having the Modem on Wan connected. See the Pictures for the information of outbound nat. Then I created the Portforwards from the Opt-Wan interfaces to the Clients. I rebooted to be sure and everything worked fine

Now I connect the DSL Modem and try to establisch the normal Wan connection.
1. I can go out via normal WAN only if the Connection is brougt up at boot time
2. with the PPOE Connection the Portforwards from the OPT-Wans are not Workind anymore. It is very strange becaue you can see at the attached logged file the packets pass the Firewall but you cant establisch the RDP connection.
3. Portforwards from WAN work without any Problem.

I am running Rc3, which was installed from scratch. No additionals Services as TrafficShaper, Dyndyns or VPN is running.

Does someone have a idea?
Regards

hoba

Show us the portforward at optwan and the firewallrule for that portforward please.

tec

Okay here is the Porftforward and correspondig firewall rule. The firewall rule was created through the Nat-Rule, the checkbox automatically create firewallrules was ticked.

hoba

Does it work if you disable the advanced outbound nat? I think some of these rules might mix things up. We do enable nat automatically if an interface has a gateway.

tec

Yes I had it working wothout "Advanced Outbound Nat". The reason why I enabled this was that I wanted to put a Counter Strike Source Server on the Internet that needs this "Static Port Feauture". The weird things is that when the PPPOE device at WAN could not make an Internet connection, the Portforwards are working on the Opt-Wans.
Do you have any suggestions ?

hoba

I think only one mapping can use a static sourceport at the same interface for the same port. You tried to assign several times the same sourceport at the same interface for traffic from different subnets. If the the pppoe WAN is down it bypasses one of these settings (the first match) and goes down to the OPTWAN static port rule which then works. I guess something like that is going on.

tec

Ok, I will trie to delete the "static mappings" the next time when I am in front of the router and post the results here.

rob_v

Hmmzz i got the same problems…
I installed PFsense again (clean install)
And only made 1 rule (RDP)
First i tryed it on WAN 1 this works
Then i tested on WAN 2 (OPT) and it doesn't work and i programmed the rules same.

I hope they will find a solution for this problem.

hoba

Upgrade to 1.0-RELEASE we fixed a condition where firewallrules were not applied before rebooting in certain circumstances.

rob_v

@hoba:

Upgrade to 1.0-RELEASE we fixed a condition where firewallrules were not applied before rebooting in certain circumstances.

I did that… But without any positive results...

tec

rob_v do you have a PPPOE connection on WAN?
I will try the next days to upgrade and solve the Problem

rob_v

I tested it with:

WAN 1 static

WAN 2 static

And with :

WAN 1 DHCP

WAN 2 static

Thx :)

tec

I am also now on Release 1:

• Portforwarding on Opt-Wan not working
  -deleted my static port entries but not effect

Now backed up config XML
-deleted all advanced outbound rules and enabled ipsec passthrough, and deleted "oubound tags" in config.xml installed again Pfsense, restored config.xml, did the normal reboot and it doesn´t even work work without having toutbound Nat enabled :-(

Still the same, the Firewall Rule is showed as above in the firewall log page but nothing happens

Right now I have the feeling that Dual Wan and Portforwarding is a mess or I am to stupid for this and just how it seems the latter is more likely

hoba

I have several locations where I'm using portforwards on multiwan setups (at WAN and OPT-WAN) without any issues. You really seem to have something wrong. I suggest starting over and not reusing the old config.

tec

Hoba, do you have on any location PPPOE as a Wan Interface?

hoba

uhm, no. Static everywhere. Maybe that makes a difference. Can you send me /tmp/rules.debug and your config.xml to holger dot bauer at citec-ag dot de?

Btw, how did you make PPPoE work at OPT-WAN  ???

tec

Hi Hoba,
there maybe some Kind of missunderstanding:
Wan (the normal PFsensenstandartwan) = Pppoe
Opt-Wan (Optional Interfaces with static ips or they get them per DHCP).

Therefore I asked if in any of your Setups you have the normal WAN as a PPPoe Connection?

hoba

PPPoE at WAN shouldn't affect portforwards at OPT-WAN.

tec

Shouldn´t….
I noticed only on an old install that when I plugged the cable of from the PPPOE Connection and rebooted the Portforwards where working on Opt-Wan this is the weird thing.

On your Opt-Wans. Do they have all Ip from an ISP ? I have on my Opt-Wan a 192.168.0.0/24 Adress because I need that a DSL Modemroute makes the PPPOE connection or is this a Problem that I am using a private Ip range on the OPT_Wan Interface?
Regards

I will install the next day from Scratch and make Babysteps, maybe I ca find exactly out at which Point the Problem lies.

Should I still mail you the requested files?

jeroen234

did you uncheck this option on the opt interface ?

Block private networks
When set, this option blocks traffic from IP addresses that are reserved for private
networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses
(127/8). You should generally leave this option turned on, unless your WAN network
lies in such a private address space, too.