Port forwarding not working
-
I don't see any DNS traffic. When I open it with Wireshark it says no packets.
-
Nvm, I missed that you are testing your servers with an external tool…
-
I have NAT reflection unchecked. Why do I need split DNS if I have my own name servers?
-
So, run tcpdump on pfSense - then you'll see if the packets are reaching the pfSense host.
-
I'm sorry, but how do I do that?
-
I did it but it doesn't show anything.
-
Then it suggests the packets aren't reaching your pfSense host.
One question, in your diagram you show your IP allocation as being 67.40.148.248/29. With that in mind, what's the default gateway? I see you're using .249 (typo in the diagram as 149), 250 and 251. .248 is the network address and .255 is the broadcast. That leaves .252 to .254, but you're using .254 for pfSense, so is it .252 or .253?
Also, have you configured VIPs for the other IP addresses?
-
67.40.148.248 is reserved, .254 is for pfSense, .255 is broadcast, so .249 to .253 are usable. My ISP's default gateway is 63.231.10.241, which is set by PPPoE. I have VIPs for the five usable IPs.
-
I assume your DNS servers can reach the Internet, as can the other hosts on the network? Having an off-network default gateway is odd, but I'm assuming that's normal for PPPoE (which I've never used).
If so, time to contact your ISP - if the packets aren't reaching the pfSense host then it means they are either blocking the traffic or there's a routing issue.
-
My DNS servers can reach the Internet and all other hosts on my network. I called my ISP and they said that no ports were being blocked. But I noticed that I can reach my ISPConfig server by using the external IP http://67.40.148.249:8080, but when I use the domain name http://web1.dial4tech.com:8080 it won't work. When I do dig on my DNS servers it says "connection timed out; no servers could be reached".
-
Yes - if your DNS servers can't be reached then you can't use DNS names in your domain to reach any services on your domain… That really shouldn't be a surprise - and frankly if it is I'm not sure you should be running your own DNS servers (yes, I know that's a little harsh - but it's also true). Also note that I can't reach that URL you refer to - it's timing out for me - I'm assuming you remembered to do these tests from outside your own network.
At this point everything you've posted suggests either that you've got another device upstream that does filtering (DSL modem?) or your ISP is port blocking and their staff don't know that.
-
I understand how DNS works; I was just telling you that so you could better understand my situation. Being able to reach my server with external IPs means that they are working, but my DNS is being blocked somehow. My ISP says they aren't blocking anything, so I was thinking it may be my DNS registrar.
-
Doubt it's your registrar since I can't hit your DNS servers directly with any port testing tool, using their IP.
Note that from the Internet I cannot reach the web server you specified.
-
It seems like my internal IPs are only working on my LAN. When I try to access the IP http://67.40.148.249:8080 outside my LAN it won't work, but I can on my LAN. Maybe my virtual IPs aren't working.
-
Can you post a screenshot of the VIP configuration?
-
-
Nothing obviously wrong there either (though I'm not an expert on CARP/VIPs).
Next thing - what IP address is shown if you visit any of the "What's my IP" type pages such as this?
-
It shows my internal IP 192.168.1.82, but whatsmyip.org shows 67.40.148.249.
-
The only last thing I can suggest is taking this to the CARP/VIP forum. I'm out of ideas I'm afraid.
-
I figured it out. The Qwest people told me the wrong IP range, 67.40.148.249-253; it's supposed to be 67.40.184.249-253. I noticed it when I was looking in the Interfaces WAN section, lol. Thanks for your help.
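
The root cause in this thread was a set of virtual IPs configured in a block the ISP never routed to the firewall. The following check is an added example, not code from any poster: it compares configured VIPs against the assigned block. It assumes the corrected range sits in 67.40.184.248/29 (the /29 prefix comes from the diagram discussed above; the function and variable names are hypothetical).

```python
import ipaddress

# Assumption: corrected block inferred from the thread (/29 from the diagram,
# third octet 184 from the final post).
ASSIGNED_BLOCK = "67.40.184.248/29"
# VIPs as originally configured, per the thread (third octet 148).
CONFIGURED_VIPS = ["67.40.148.%d" % n for n in range(249, 254)]


def audit_vips(assigned_block, vips):
    """Classify each VIP as usable, outside the block, or a reserved address."""
    # strict=True rejects a block whose host bits are set (a common typo).
    net = ipaddress.ip_network(assigned_block, strict=True)
    report = {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable": [str(h) for h in net.hosts()],
        "ok": [],
        "outside_block": [],
        "not_host": [],
    }
    for vip in vips:
        addr = ipaddress.ip_address(vip)
        if addr not in net:
            # Upstream routers will never deliver traffic for this address
            # to the firewall, so port forwards on it see no packets.
            report["outside_block"].append(vip)
        elif addr in (net.network_address, net.broadcast_address):
            report["not_host"].append(vip)
        else:
            report["ok"].append(vip)
    return report


if __name__ == "__main__":
    result = audit_vips(ASSIGNED_BLOCK, CONFIGURED_VIPS)
    print("usable hosts:", ", ".join(result["usable"]))
    for vip in result["outside_block"]:
        print("VIP %s is not inside %s" % (vip, ASSIGNED_BLOCK))
```
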