Incoming Connections establish but then timeout

hessie · May 22, 2007, 5:08 PM

Hi !

I've set up Multiple-WAN like described in the manual.

Everything works fine except incoming connections do not work correctly. I've set up NAT Rules and let pfSense do the FW Rules automatically for Port 5090 (VNC) to one machine.

When I try to connect to one of my external IP's on port 5090 VNC says "Connecting to.." Then "Connection established" and after that it times out after 3 minutes.

Is there any other rule to set ? Maybe that pfsense does NOT load balance this connection and simply sends the answer back on the same interface it got in ?

Thanks

jeroen234 · May 22, 2007, 5:15 PM

i think its the ather way
that the antser from youre pc is comming from the other wan
and then you will never get a conect

setup rules so that youre pc is sending its antser to to the same wan that the reqest came from

hessie · May 22, 2007, 5:25 PM

Thats the way I'd like to do it, but how ? :)

UDP requests change their ports when they answer…

VNC AFAIK is TCP, so the connections comes from (example) 123.123.123.123 to my router with
111.111.111.111:5090

The router forwards this to my pc and this answers over a random port like 11421 to the other machine..

How should pfSense know that the outgoing connection on port 11421 is the answer to the request on port 5090 ??!

hessie · May 22, 2007, 5:35 PM

I tried this now by letting my ip only access the internet via one interface. Added a Firewall Rule which forces any traffic from my internal ip through one interface.

Still the same problem.. VNC connects, says established but after that it times out ??!

???

techatdd · May 22, 2007, 5:56 PM

@hessie:

I tried this now by letting my ip only access the internet via one interface. Added a Firewall Rule which forces any traffic from my internal ip through one interface.

Still the same problem.. VNC connects, says established but after that it times out ??!

???

Have you tried your NAT rule only with TCP or TCP/UDP? I remember a ugly bug only affecting TCP/UDP NAT rules.

hessie · May 22, 2007, 7:24 PM

Used TCP only…

The Port is open but it goes no traffic over it.. at least that is what it looks like...

I tried it with telnet too.. Connected to the server. The connection opens, and then the
cursor just blinks.. nothing happens..

Tried it now with a couple of other service like http and other tcp based services.. they do all not work.. same problem everywhere.. ?!?

I also tried starting a service directly on pfsense, opened up the port in the firewall and .... same problem !

must be something else.. but I've no idea...

EDIT:

When I connect from outside and run "netstat -an" on the machine which runs the service it tells me SYN_RECEIVE for the entry with the correct outside ip for 5-10 seconds. After that, the entry is gone and nothing else happens...

Should'nt there be something like ESTABLISHED or so ?

EDIT #2:
The Web-Interface of pfSense does also not work from outside even though the ports are opened. Internally it works fine, externally I only get "Waiting...." in Firefox after it has connected to the server. Exactly the same problem I have with the services behind pfSense...

hessie · May 23, 2007, 12:21 PM

I finally found the error after reinstalling pfSense … :-\

The modem in front of pfSense "ate" all responding connections.. Have no idea why, after a power cycle it worked... :o

Pootle · May 23, 2007, 1:15 PM

Have you still got the PC locked to one WAN in pfsense?

hessie · May 23, 2007, 2:29 PM

Nope, since its a fresh install of pfSense I only did the basic routes + MultiWAN setup.. Works like a charm now.. Even without advanced outbound NAT…

I just wonder what hickup my modem/router had...