Dual Wan, Portforward not working on OPT-Wan

tec

Shouldn´t….
I noticed only on an old install that when I plugged the cable of from the PPPOE Connection and rebooted the Portforwards where working on Opt-Wan this is the weird thing.

On your Opt-Wans. Do they have all Ip from an ISP ? I have on my Opt-Wan a 192.168.0.0/24 Adress because I need that a DSL Modemroute makes the PPPOE connection or is this a Problem that I am using a private Ip range on the OPT_Wan Interface?
Regards

I will install the next day from Scratch and make Babysteps, maybe I ca find exactly out at which Point the Problem lies.

Should I still mail you the requested files?

jeroen234

did you uncheck this option on the opt interface ?

Block private networks
When set, this option blocks traffic from IP addresses that are reserved for private
networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses
(127/8). You should generally leave this option turned on, unless your WAN network
lies in such a private address space, too.

hoba

Yes, please send me the files. Maybe something obvious pops up by viewing them.

rob_v

Hi,

Is it possible to make a (simple) config file what works with 2 WAN's (port forwarding RDP or HTTP or FTP)
It doesn't matter what for IP your use in this config file.
I want to compare this config file with my own settings maybe i missed something?

Thank you.

Kind regards
Rob

tec

Hi back at home,
so jeroen234 on the Opt-Interfaces there is no Checkbox

hoba: I disconnected the Cable from WAN rebooted and then
the Forwards worked on OPT-WAN. The config with the normal NAT Setuo and also the Config with Advanced Outbound Nat enabled.

rob_V could you also test you Setup if you disconnect the cable from WAN  and pos tyour results, only to verify if this could be the bug

Cheers

rob_v

@tec:

Hi back at home,
so jeroen234 on the Opt-Interfaces there is no Checkbox

hoba: I disconnected the Cable from WAN rebooted and then
the Forwards worked on OPT-WAN. The config with the normal NAT Setuo and also the Config with Advanced Outbound Nat enabled.

rob_V could you also test you Setup if you disconnect the cable from WAN  and pos tyour results, only to verify if this could be the bug

Cheers

I tryed that without any positive result..
After this experiment i switched the networkcards to another pci slot.
But pfsense can't handle this action :P (get everytime watch dog failures).
So i have to install pfsense again….  I think i gonna buy a hardware router RV042 from linksys i'm tyred about pfsense soz..
It looks good and i think it will works fine but on my system....

Thanks, maybe i will use pfsense when i'm in a good mood..

Or.... Sombody gots a configfile what works with 2 wans and 2x RDP connection from wan to lan and opt to lan?
That's the only thing wat i want to try..

svd

i have similiar problem.
i have
WAN (STATIC)
LAN (STATIC)
OPT1 (STATIC)
OPT2 (STATIC)
WAN2 (STATIC)

everything is working through WAN but i can not even ping default gateway or any IP on WAN2 in my WAN2 network (/24). I did tcpdump on WAN2 NIC and see that packets are going in or out. But WAN2 never answers on ARP requests.

19:40:57.062126 arp who-has ...103 tell ...96

WAN2 status is up. I did reboot pfsense a few times but still no luck.
Any suggestions?

(pfsense 1.0-RELEASE)

hoba

Make sure your WAN2 settings are correct. Maybe there is a typo somewhere? Do you see any traffic from the pfSense at all? Maybe you need a crossovercable?

svd

my connection on WAN2 is like that:

DSL_Modem
            |
      | switch |

WAN2|      | server with ..*.96 IP
with …103

i run tcpdump on 96 and 103.
if i ping from ...96 to ...103 IP i see on both servers (96 and pfsense) arp request from
96 "who has ....103 IP". pfsense doesn't answer.
if i ping from ...103 to ...96 IP i see on both servers ICMP packet from 103 is going to 96.
96 is trying aswer on and an sends ARP request "who has ....103 IP" which pfsense sees but never answers.

wierd... may be it is happening because i did install 1.0-RC3 and upgraded to 1.0-Release...
i'll try to do fresh install from 1.0.1-CD

hoba

Yes, try a fresh install please.

tec

Hi Hoba,
I send you my config Files did you find an obvious error?

I am now on 1.0.1 and I can still confirm this strange error, that all of my forwardings on Opt-Wan are working when i plugg the cable from the Wan (Pppoe) Interface off and reboot the machine with a disconnecte WAN.

Maybe this could Help: I tried to connect to my FTP Server trough Opt-Wan. This Setup was working when the Pppoe_Wan Interface had no connectivity because the cables was pulled. I got the following logs in my Filezilla-Server-Log:
(000002) 11/2/2006 13:31:31 PM - (not logged in) (84.58.147.51)> Connected, sending welcome message…
(000002) 11/2/2006 13:31:31 PM - (not logged in) (84.58.147.51)> 220-FileZilla Server version 0.9.19 beta
(000002) 11/2/2006 13:31:31 PM - (not logged in) (84.58.147.51)> could not send reply, disconnected.

The interesting thin is, that I don't receive the welcoming message on my client. But in my Firewall log, the incoming connection is markes a succesfully passed. To me this seems, that something in the "NAT-department" is not working how it should.

svd

about my problem with second WAN.
i did fresh install - didnt' help. So i've tried
it as LAN NIC and ….....
it turned out that NIC card was broken.
i've never seen such strange problem before but
i'm happy that everyhing is working now.

tec

Hi,
I finally had time to Change my Wan Interface from PPPOE to a static Ip with a Modem router in front of it. After the change I rebooted. An now Portforwards are working with Advanced Outbound NAT on the OPT-WAN Interfaces and Policy Based routing.
From my point of view there seems something not real working if you use PPPOE on the WAN interface, maybe the developers could take a look into it.
Regards