[Solved] Cannot access using the external IP from the internal network
-
:D Good morning,
I searched a lot and tried several procedures, and nothing worked.
My scenario
pfSense version 2.1.5 RELEASE (i386)
CPU AMD Sempron 2200+
Memory: 1.5 GB
Services
Proxy < Disabled
SquidGuard < Disabled
DHCP
DNS
PROCEDURES I CARRIED OUT
-
I set "NAT Reflection mode for port forwards", selecting the option (Enable NAT+Proxy).
-
I unchecked the options under: Interfaces > WAN > Private networks
WIRESHARK CAPTURE < This capture is from the same machine from which I tried to reach, via RDP, a server on the internal network using the external network's IP address (187.75.X.X)
CAPTURE ON THE PFSENSE WAN INTERFACE
11:17:30.511911 IP 192.168.200.10.33525 > 187.75.x.x.7000: tcp 0
11:17:30.512401 IP 187.75.x.x.7000 > 192.168.200.10.33525: tcp 0
11:17:31.013779 IP 192.168.200.10.43809 > 187.75.x.x.7000: tcp 0
11:17:31.014153 IP 187.75.x.x.7000 > 192.168.200.10.43809: tcp 0
11:17:31.513643 IP 192.168.200.10.39378 > 187.75.x.x.7000: tcp 0
11:17:31.514028 IP 187.75.x.x.7000 > 192.168.200.10.39378: tcp 0
CAPTURE ON THE PFSENSE LAN INTERFACE
11:28:17.826050 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 104
11:28:17.929711 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 90
11:28:17.929917 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 0
11:28:18.042318 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 111
11:28:18.145732 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 118
11:28:18.145946 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 0
11:28:18.155736 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 136
11:28:18.272158 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 90
11:28:18.471017 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 41
11:28:18.471288 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 0
11:28:18.587542 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 118
11:28:18.597368 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 142
11:28:18.697699 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 118
11:28:18.707361 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 73
11:28:18.904112 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 104
11:28:19.071892 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 69
11:28:19.072056 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 0
11:28:19.176155 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 118
11:28:19.186344 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 84
11:28:19.391965 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:19.400033 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 41
11:28:19.502842 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 55
11:28:19.503077 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 0
11:28:19.632140 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 34
11:28:19.642449 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 97
11:28:19.734650 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 41
11:28:19.744104 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 33
11:28:19.806453 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 33
11:28:19.855854 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 33
11:28:19.862052 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:19.904433 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 33
11:28:19.917924 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 48
11:28:19.921100 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 71
11:28:19.922971 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 53
11:28:19.958012 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:19.976962 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:20.022527 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
11:28:20.083075 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:20.215117 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 34
11:28:20.290519 IP 192.168.0.252.51022 > 187.75.X.X.7000: tcp 0
11:28:20.291131 IP 187.75.X.X.7000 > 192.168.0.252.51022: tcp 0
11:28:20.320348 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 118
11:28:20.320565 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 0
11:28:20.330479 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 50
11:28:20.480674 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 34
11:28:20.490494 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 45
11:28:20.625034 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 34
11:28:20.634531 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 115
11:28:20.694134 IP 177.139.162.88.1279 > 192.168.0.253.7000: tcp 34
11:28:20.789936 IP 177.139.162.88.1279 > 192.168.0.253.7000: tcp 111
11:28:20.790812 IP 192.168.0.253.7000 > 177.139.162.88.1279: tcp 0
11:28:20.802102 IP 192.168.0.253.7000 > 177.139.162.88.1279: tcp 1452
11:28:20.802225 IP 192.168.0.253.7000 > 177.139.162.88.1279: tcp 1452
11:28:20.811950 IP 192.168.0.252.51022 > 187.75.X.X.7000: tcp 0
11:28:20.812866 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:20.812911 IP 187.75.X.X.7000 > 192.168.0.252.51022: tcp 0
11:28:20.901280 IP 177.139.162.88.1279 > 192.168.0.253.7000: tcp 0
11:28:20.901718 IP 192.168.0.253.7000 > 177.139.162.88.1279: tcp 1452
11:28:20.904329 IP 192.168.0.253.7000 > 177.139.162.88.1279: tcp 120
11:28:20.992157 IP 177.139.162.88.1279 > 192.168.0.253.7000: tcp 0
11:28:21.115716 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 205
11:28:21.326210 IP 192.168.0.252.51022 > 187.75.X.X.7000: tcp 0
11:28:21.327267 IP 187.75.X.X.7000 > 192.168.0.252.51022: tcp 0
11:28:21.360166 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:21.926663 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 86
11:28:22.014086 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 62
11:28:22.026817 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 219
11:28:22.068076 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:22.077235 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 67
11:28:22.233679 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:22.259043 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 100
11:28:22.259071 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
11:28:22.259094 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
11:28:22.259114 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
11:28:22.259133 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
11:28:22.317956 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:22.318223 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
11:28:22.318259 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
11:28:22.319682 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:22.319897 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
11:28:22.319931 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
11:28:22.388178 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:22.388427 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
11:28:22.388486 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
11:28:22.393049 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:22.393216 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
11:28:22.393254 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
11:28:22.441904 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:22.442122 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
11:28:22.442181 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
11:28:22.446103 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:22.446286 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 67
11:28:22.446466 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 469
11:28:22.501072 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:22.501604 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 1415
11:28:22.501722 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 1399
11:28:22.505046 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
11:28:22.505488 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 1334
11:28:22.505607 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 1372
11:28:22.557033 IP 192.168.0.253.7000 > 177.139.162.88.1279: tcp 54
NOTE: I installed the DNS server on pfSense because there was no other server performing that function; however, I only installed it, I did not configure anything or create any host (A) records.
I believe it is an easy method; the hard part is finding it. ;D
-
-
Hello LeaoNarrdo,
From what I saw, you are doing NAT to access a machine with a private address, right?
I believe you have already watched some video, but one that helped me configure NAT was the one at the link below:
https://youtu.be/ufb_tjPIH_o?t=780
Maybe it helps!
Regards.
-
Just one note: don't forget to set up a DMZ on the ADSL modem pointing to your WAN IP on pfSense.
-
It still didn't work;
I made two more packet captures.
From an external computer:
14:02:14.866215 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
14:02:14.867103 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 41
14:02:14.867290 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
14:02:14.869098 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 55
14:02:14.870272 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 62
14:02:14.870442 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
14:02:14.871553 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 76
14:02:14.873051 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 111
14:02:14.873219 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
14:02:14.875243 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 90
14:02:14.876189 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 90
14:02:14.876351 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
14:02:14.876451 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 33
14:02:14.878735 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 76
14:02:14.884211 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 635
14:02:14.884461 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
14:02:14.884879 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
14:02:14.888399 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 123
14:02:14.889716 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 121
14:02:14.904057 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 139
14:02:14.974257 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 0
14:02:15.015212 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 0
14:02:15.024282 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
14:02:15.157257 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 48
14:02:15.157497 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
14:02:15.346091 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
14:02:15.467719 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 118
14:02:15.468035 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
14:02:15.613047 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 97
14:02:15.703167 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 111
14:02:15.703419 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
14:02:15.821560 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 125
14:02:15.966710 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 118
14:02:15.966987 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
14:02:16.037251 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 104
14:02:16.209214 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 125
14:02:16.209538 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
14:02:16.315442 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 83
14:02:16.315766 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 33
14:02:16.323703 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 60
14:02:16.376051 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 0
14:02:16.438760 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 90
14:02:16.536153 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
14:02:16.536431 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
14:02:16.803515 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
14:02:16.961123 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
14:02:16.961363 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
14:02:17.087540 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 41
14:02:17.302658 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 41
14:02:17.302950 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
14:02:17.430791 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
14:02:17.446957 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 47
14:02:17.501701 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 0
14:02:17.501991 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 0
14:02:17.546800 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 0
14:02:17.546914 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 37
14:02:17.549797 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 0
14:02:17.549893 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 11
14:02:17.595573 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 0
14:02:17.596244 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 454
14:02:17.596955 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 532
14:02:17.598731 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
14:02:17.645733 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
14:02:17.645924 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 8
14:02:17.646093 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 0
14:02:17.646281 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 11
14:02:17.690164 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
14:02:17.693016 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 15
14:02:17.700594 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 222
14:02:17.738164 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
14:02:17.738439 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 15
14:02:17.805961 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 586
14:02:17.818736 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
14:02:17.818952 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 15
14:02:17.867604 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 0
14:02:17.898329 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
14:02:17.898586 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 15
14:02:17.946128 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
14:02:17.946342 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 15
14:02:17.987946 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
14:02:17.988238 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 15
14:02:18.077071 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
14:02:18.077346 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 15
14:02:18.123396 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 287
14:02:18.123736 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 361
14:02:18.123954 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 0
14:02:18.130332 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 34
14:02:18.155350 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
14:02:18.189710 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 426
14:02:18.237376 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 0
14:02:18.243927 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 0
14:02:18.247661 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 90
14:02:18.247854 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
14:02:18.265261 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 431
14:02:18.265287 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 49
14:02:18.265358 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 53
14:02:18.265620 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 53
14:02:18.265855 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 53
14:02:18.265993 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 48
14:02:18.266016 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 0
From an internal computer
14:05:12.243510 IP 192.168.200.10.59863 > 187.75.X.X.7000: tcp 0
14:05:12.244380 IP 187.75.X.X.7000 > 192.168.200.10.59863: tcp 0
14:05:12.743199 IP 192.168.200.10.17004 > 187.75.X.X.7000: tcp 0
14:05:12.743622 IP 187.75.X.X.7000 > 192.168.200.10.17004: tcp 0
14:05:13.243247 IP 192.168.200.10.34890 > 187.75.X.X.7000: tcp 0
14:05:13.243656 IP 187.75.X.X.7000 > 192.168.200.10.34890: tcp 0
Notice that the source port on IP 192.168.200.10 changes; is that a problem?
-
I DID IT 8)
After doing all the steps described above, I had not managed to get it working.
It was very simple to solve!
Solution I found
I created a NAT rule (Firewall > NAT > Port Forward)
Interface: LAN
Source: Lan Net
Source port range: any
Destination: Single Host or Alias IP: 187.75.X.X < IP of the external network
Destination port range: 7000 < Port of my application
Redirect target IP: 192.168.0.253 < IP of the server
Redirect target port: 7000
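
Added example, not part of the original thread: a small Python helper that reads tcpdump summary lines in the format posted above and flags conversations where a LAN client talks to the published WAN address on the service port without any payload ever being exchanged, the pattern seen in the internal captures. The function name, the labels and the sample addresses (203.0.113.10 in place of the masked 187.75.X.X, 198.51.100.7 as an outside client) are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Short tcpdump summary format quoted in this thread, e.g.
# "14:05:12.243510 IP 192.168.200.10.59863 > 203.0.113.10.7000: tcp 0"
LINE = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): tcp (\d+)$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(capture, wan_ip, port):
    """Label each client conversation with wan_ip:port found in a capture."""
    payload = defaultdict(int)  # (client_ip, client_port) -> payload bytes, both directions
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything that is not a TCP summary line
        src, sport, dst, dport, length = m.groups()
        if (dst, int(dport)) == (wan_ip, port):
            key = (src, int(sport))      # client -> published address
        elif (src, int(sport)) == (wan_ip, port):
            key = (dst, int(dport))      # published address -> client
        else:
            continue                     # unrelated traffic
        payload[key] += int(length)
    labels = {}
    for (client, cport), total in payload.items():
        internal = any(ipaddress.ip_address(client) in net for net in RFC1918)
        if internal and total == 0:
            # LAN client reaches the WAN address, packets come back, no data moves:
            # the pattern of the internal capture in this thread (heuristic only).
            labels[(client, cport)] = "hairpin-suspect"
        else:
            labels[(client, cport)] = "data-flowing" if total else "no-data"
    return labels

# Constructed sample: 203.0.113.10 stands in for the masked 187.75.X.X address,
# 198.51.100.7 for an outside client.
SAMPLE = """
14:05:12.243510 IP 192.168.200.10.59863 > 203.0.113.10.7000: tcp 0
14:05:12.244380 IP 203.0.113.10.7000 > 192.168.200.10.59863: tcp 0
14:05:12.743199 IP 192.168.200.10.17004 > 203.0.113.10.7000: tcp 0
14:05:12.743622 IP 203.0.113.10.7000 > 192.168.200.10.17004: tcp 0
14:02:17.595573 IP 198.51.100.7.38468 > 203.0.113.10.7000: tcp 0
14:02:17.596244 IP 198.51.100.7.38468 > 203.0.113.10.7000: tcp 454
14:02:17.596955 IP 203.0.113.10.7000 > 198.51.100.7.38468: tcp 532
"""

if __name__ == "__main__":
    for flow, label in classify(SAMPLE, "203.0.113.10", 7000).items():
        print(flow, label)
```

Each new source port counts as a separate conversation, so repeated connection attempts from the same LAN host show up as several "hairpin-suspect" entries rather than one.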