Problem with NAT. Can't forward port from WAN to LAN.
-
Thanks for fast reply.
I already did it. The gateway is pointing to 192.168.10.252, which is the LAN IP of pfSense.
Firewall disabled. The RDP access works fine from LAN.
-
Working from LAN means nothing. Check the firewall on the host to be sure it allows connections from OTHER THAN LAN.
-
The Firewall on Host is disabled.
The Antivirus is disabled.
I also tried with other Windows Server on the network, same problem.
And tried with other service (DVR) in other host, same problem.
Thanks for helping!
Sorry for my poor English.
-
Well, there's not much else to a port forward, so it has to be something. Does tcpdump on LAN show the SYNs going from 177.143.120.78 to 192.168.10.251:3389? What states are created? (Diagnostics > States).
Load sharing… Are you sure you have the port forward on the interface that has the IP specified? Are the clients connecting to the right interface?
-
I'm new with pfSense and tcpdump, sorry if it's not what you asked.
I ran tcpdump and tried to connect with RDP.
==================
em1 -> LAN
[2.1.5-RELEASE][root@host]/root(14): tcpdump -ni em1 | grep 192.168.10.251.3389
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 96 bytes
23:36:44.807796 IP 177.143.120.78.45783 > 192.168.10.251.3389: Flags [S], seq 3165976847, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
23:36:44.807877 IP 192.168.10.251.3389 > 177.143.120.78.45783: Flags [S.], seq 3448840707, ack 3165976848, win 16384, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
23:36:44.832998 IP 177.143.120.78.45783 > 192.168.10.251.3389: Flags [.], ack 1, win 4380, length 0
23:36:44.833113 IP 192.168.10.251.3389 > 177.143.120.78.45783: Flags [R], seq 3448840708, win 0, length 0
23:36:44.839389 IP 177.143.120.78.45783 > 192.168.10.251.3389: Flags [P.], ack 1, win 4380, length 19
23:36:44.839444 IP 192.168.10.251.3389 > 177.143.120.78.45783: Flags [R], seq 3448840708, win 0, length 0
======================
[2.1.5-RELEASE][root@macfw001.macco.local]/root(12): tcpdump -ni em1 | grep 177.143.120.78
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 96 bytes
23:35:59.469877 IP 177.143.120.78.46898 > 192.168.10.251.3389: Flags [S], seq 1760568614, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
23:35:59.469985 IP 192.168.10.251.3389 > 177.143.120.78.46898: Flags [S.], seq 408005352, ack 1760568615, win 16384, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
23:35:59.492434 IP 177.143.120.78.46898 > 192.168.10.251.3389: Flags [.], ack 1, win 4380, length 0
23:35:59.492551 IP 192.168.10.251.3389 > 177.143.120.78.46898: Flags [R], seq 408005353, win 0, length 0
23:35:59.505291 IP 177.143.120.78.46898 > 192.168.10.251.3389: Flags [P.], ack 1, win 4380, length 19
23:35:59.505347 IP 192.168.10.251.3389 > 177.143.120.78.46898: Flags [R], seq 408005353, win 0, length 0
23:36:00.260803 IP 177.143.120.78.33622 > 192.168.10.251.59387: UDP, length 97
23:36:00.289429 IP 177.143.120.78.33622 > 192.168.10.251.59387: UDP, length 40
23:36:00.289537 IP 192.168.10.251.59387 > 177.143.120.78.33622: UDP, length 52
23:36:05.662522 IP 177.143.120.78.39432 > 192.168.10.251.3389: Flags [S], seq 871328353, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
23:36:05.662592 IP 192.168.10.251.3389 > 177.143.120.78.39432: Flags [S.], seq 939867809, ack 871328354, win 16384, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
23:36:05.684492 IP 177.143.120.78.39432 > 192.168.10.251.3389: Flags [.], ack 1, win 4380, length 0
23:36:05.684594 IP 192.168.10.251.3389 > 177.143.120.78.39432: Flags [R], seq 939867810, win 0, length 0
23:36:05.691017 IP 177.143.120.78.39432 > 192.168.10.251.3389: Flags [P.], ack 1, win 4380, length 19
23:36:05.691078 IP 192.168.10.251.3389 > 177.143.120.78.39432: Flags [R], seq 939867810, win 0, length 0
^C189 packets captured
191 packets received by filter
0 packets dropped by kernel
=======================
There is just one LAN interface; it's connected to the LAN switch, and all hosts are surfing OK, accessing pfSense as gateway, and Proxy/Squid/SquidGuard is working fine.
States with 177.143.120.78 (filtered):
tcp 200.200.200.200:40022 <- 177.143.120.78:48036 ESTABLISHED:ESTABLISHED
udp 177.143.120.78:33622 <- 192.168.10.251:59387 MULTIPLE:MULTIPLE
udp 192.168.10.251:59387 -> 200.200.200.200:30913 -> 177.143.120.78:33622 MULTIPLE:MULTIPLE
tcp 200.200.200.200:40443 <- 177.143.120.78:36373 TIME_WAIT:TIME_WAIT
tcp 200.200.200.200:40443 <- 177.143.120.78:42641 ESTABLISHED:ESTABLISHED
tcp 200.200.200.200:40443 <- 177.143.120.78:49046 TIME_WAIT:TIME_WAIT
tcp 200.200.200.200:40443 <- 177.143.120.78:46285 ESTABLISHED:ESTABLISHED
-
Image with the Rule and NAT.
-
I guess I give up. I could do the same port forward 1000 times and it would work every time.
Your network is in an extremely insecure state right now.
-
It looks like the NAT is working, to me. No idea why you can't establish a session.
-
I put the network in this open situation for testing this NAT problem.
Thanks a lot for your help. I think I'll try to reinstall pfSense.
Regards,
Wellington
-
"23:35:59.492551 IP 192.168.10.251.3389 > 177.143.120.78.46898: Flags [R], seq 408005353, win 0, length 0"
Sure looks like the box you're trying to RDP to, which was correctly forwarded by pfSense, is sending RESET.
So what does that have to do with pfSense?? Why don't you download the sniff and open it in Wireshark.. But you need to look on the box to see why it's sending RESET!!
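The posted capture and the RST explanation above, as an added example that is not from any poster in this thread: a small Python parser that groups tcpdump lines into TCP flows and labels each one, so a SYN that is never answered (forward rule, firewall rule or host route) is told apart from a handshake that completes and is then reset by the host, which is what the capture shows. The sample lines are constructed in the shape of the posted output; the 203.0.113.9 client is an assumed contrast case, not from the thread.

```python
import re

# Constructed sample in the shape of the tcpdump output quoted in the thread. Flow 1 mirrors
# the post (handshake completes, then the host answers R); flow 2 (203.0.113.9) is an assumed contrast.
SAMPLE = """\
23:36:44.807796 IP 177.143.120.78.45783 > 192.168.10.251.3389: Flags [S], seq 3165976847, win 8192, length 0
23:36:44.807877 IP 192.168.10.251.3389 > 177.143.120.78.45783: Flags [S.], seq 3448840707, ack 3165976848, win 16384, length 0
23:36:44.832998 IP 177.143.120.78.45783 > 192.168.10.251.3389: Flags [.], ack 1, win 4380, length 0
23:36:44.833113 IP 192.168.10.251.3389 > 177.143.120.78.45783: Flags [R], seq 3448840708, win 0, length 0
23:36:00.260803 IP 177.143.120.78.33622 > 192.168.10.251.59387: UDP, length 97
23:37:10.000001 IP 203.0.113.9.51000 > 192.168.10.251.3389: Flags [S], seq 1, win 8192, length 0
23:37:13.000001 IP 203.0.113.9.51000 > 192.168.10.251.3389: Flags [S], seq 1, win 8192, length 0
"""

LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"Flags \[\s*(?P<flags>[^\]]*?)\s*\]"  # tolerant of the "[ S ]" spacing seen in the post
)

def parse_flows(text):
    """Group TCP packets into flows keyed by the SYN's (client, server) endpoints."""
    flows = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # UDP and unrelated lines carry no Flags field and are skipped
        a, b = (m["src"], m["sport"]), (m["dst"], m["dport"])
        flags = set(m["flags"].replace(" ", ""))
        if (a, b) in flows:
            flows[(a, b)].append(("client", flags))
        elif (b, a) in flows:
            flows[(b, a)].append(("server", flags))
        elif "S" in flags and "." not in flags:
            flows[(a, b)] = [("client", flags)]  # a bare SYN opens a new flow
    return flows

def diagnose(packets):
    """Decide whether the failure sits in the forward path or on the host itself."""
    synack = any(who == "server" and {"S", "."} <= f for who, f in packets)
    rst = any(who == "server" and "R" in f for who, f in packets)
    if synack and rst:
        return "rst_after_handshake"  # forward works; the host accepted, then reset
    if synack:
        return "ok"  # handshake completed and no reset seen
    if rst:
        return "rst_to_syn"  # host reachable, but nothing listening on the port
    return "no_synack"  # SYN never answered: forward rule, firewall rule or host route

def report(text):
    return {f"{c[0]}:{c[1]}->{s[0]}:{s[1]}": diagnose(p) for (c, s), p in parse_flows(text).items()}
```

Run it on a saved capture with `report(open("capture.txt").read())`; a flow labelled rst_after_handshake means the packets reached the host, so the next place to look is the host, not the NAT rule.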
-
Probably disallowing connections from foreign networks but he doesn't want to listen. "It works fine from LAN."
-
Hi farion,
Your Dropbox links are annoying, because they are no longer available, and therefore other users cannot benefit from this post: your pictures are missing now :-(
It would help if you just attach pictures to your posts as other users are doing.
Thanks a lot in advance,
kind regards,
Tom