Netgate Discussion Forum

    Port Forwarding not happening :-(

    NAT
      thermo

      Hi,
      I have a system with 3 NICs: WAN + LAN + 'Guest Use'. I installed 1.2.2 (I also tried 1.2.1 & 2.Alpha); everything seems to work except port forwarding.
      I have tried forwarding both FTP and MS-RDP.

      From the logs:

      
      pf: 15. 711343 rule 246/0(match): pass in on vr0: (tos 0x0, ttl 55, id 36640, offset 0, flags [DF], proto TCP (6), length 44) 83.223.124.XXX.45465 > 192.168.16.32.21: S, cksum 0xaf5a (correct), 640965060:640965060(0) win 5840
      

      And after some delay on the FTP server (192.168.16.32):

      
      (000015) 11/03/2009 11:26:38 - (not logged in) (83.223.124.XXX) > connected to ip : 0.0.0.0
      (000015) 11/03/2009 11:26:38 - (not logged in) (83.223.124.XXX) > sending welcome message.
      (000015) 11/03/2009 11:26:38 - (not logged in) (83.223.124.XXX) > 220 Welcome message
      (000015) 11/03/2009 11:26:38 - (not logged in) (83.223.124.XXX) > disconnected.
      
      

      I also noticed this appear in the system logs when an incoming connection is started:

      
      kernel: arpresolve: can't allocate route for 86.98.146.XX [this is the WAN IP]
      Mar 11 11:40:27 	kernel: arplookup 86.98.146.XX failed: host is not on local network
      
      

      Can anyone shed some light on this please?

      Edited to add:

      • The WAN is connected to a consumer DSL modem with DHCP.
      • PPTP redirection to the internal server works!
        dotdash

        FTP is a whole separate bag of suck, so I would concentrate on getting something like RDP or HTTP working first.
        That should be pretty straightforward, but triple check the port forward and WAN firewall rules.
        How exactly is the WAN configured? Is the modem bridged somehow so the WAN is getting the 83.223.124 address?
        What's the gateway and subnet mask on the WAN?

          thermo

          Hi dotdash, I tried FTP as it was the easiest way for me to get to the logs.
          Re. the firewall rules, I have checked, double checked, reinstalled, cleared everything and started again to no avail.
          The WAN NIC is connected to a D-Link DSL modem (DSL-320T), and the WAN is assigned a public IP address via DHCP from the modem.
          Note that in the FTP logs, it seems to be connected to remote host 0.0.0.0 (I failed to mention this in my previous post).

          The current NIC config is :

          WAN*            ->   vr0     ->   86.98.?.? (DHCP)
          OPT1(Guest)*    ->   vr1     ->   192.168.10.1
          LAN*            ->   fxp0    ->   192.168.16.240

          The last entry in /var/db/dhclient.leases.vr0:

          
          lease {
            interface "vr0";
            fixed-address 86.98.?.?;
            option subnet-mask 255.255.255.255;
            option routers 86.98.?.?;
            option domain-name-servers 213.42.20.20;
            option host-name "pfsense";
            option dhcp-lease-time 60;
            option dhcp-message-type 5;
            option dhcp-server-identifier 192.168.1.1; (dsl modem IP)
            renew 4 2009/3/12 18:19:48;
            rebind 4 2009/3/12 18:20:10;
            expire 4 2009/3/12 18:20:18;
          }
          
          

          NAT rules:
          WAN    TCP    3389 (MS RDP)    192.168.16.2 (ext.: 86.98.?.?)    3389 (MS RDP)
          WAN    TCP    21 (FTP)         192.168.16.32 (ext.: any)         21 (FTP)
          1:1 is empty.
          Outbound is on manual and has 2 entries:
          WAN    192.168.16.0/24  *  *  *  *  *  NO
          WAN    192.168.10.0/24  *  *  *  *  *  NO

          Firewall rules on WAN:
          TCP    *    *    192.168.16.32    21 (FTP)         *    -
          TCP    *    *    192.168.16.2     3389 (MS RDP)    *    -

            dotdash

            Check Status, Interfaces for WAN. What does it show for your subnet mask and gateway?
            That D-Link isn't an NA model (that makes sense as those are RIPE blocks), but it looks like it can be put into bridge mode. You might want to try bridging the modem and changing your WAN to PPPoE. And seriously, forget about the FTP until after you get the RDP working. Then go back and read all the FTP troubleshooting stuff.

              thermo

              hello again,
              Status->interfaces
              Subnet mask  255.255.255.255
              Gateway link#1

              The D-Link is actually a DSL-322T; it seems to be only sold in the Middle East. I quoted the 320T, which is a similar EU model and has more information online about it.

              I changed it to bridged mode, and entered the login details under the PPPoE. It now shows:

              Subnet mask  255.255.255.255
              Gateway 213.42.4.31

              RDP WORKS!  :D
              FTP doesn't work, but that's for another day!

              One last question: I noticed I can no longer access the modem web page (192.168.1.1) from the LAN (192.168.16/24). Does this mean I have to change the modem IP to something on 192.168.16.?

              Edited to add: Many thanks for your time/help.

                dotdash

                I don't use bridged mode very often, but I generally plug a laptop directly into a bridged modem if I need to access it. There are numerous threads asking the same question you did. This might be a good place to start: http://forum.pfsense.org/index.php/topic,5727.msg34562.html#msg34562
