Pass specific IP through to LAN, port forwarding, firewall rules

Konstanti

Do not pay attention to the Russian language
Everything is clear
What ports do I need to forward for Hyper Backup
What you're doing is wrong.

0_1549208396314_c5a0753d-955d-456e-a6ac-f4414e015c93-image.png

Konstanti

@akjim
The first picture shows that pf is blocking tcp port 6281

AKJim

@konstanti Yes, I know that. Hyperbackup is set up correctly. I just need to get the connection through the netgate to the Blacksburg DS. Without the netgate in the system everything works perfectly.

Konstanti

@akjim

0_1549208759667_0047344d-1960-4d94-9d00-9abc14b8ca9d-image.png

This way, the required ports are forwarded
Everything else need to disable and remove
https://www.netgate.com/docs/pfsense/nat/forwarding-ports-with-pfsense.html

AKJim

@konstanti OK, so a single port forwarding rule without a specified single host defined. No corresponding firewall rule is required?

Konstanti

@akjim

0_1549209547187_9ac8b652-26f2-4d37-8166-e24bb1429378-image.png

pf will create the rule automatically
for example
0_1549209750534_2ae5df67-a3ae-4466-82ec-a32f58fd54df-image.png

0_1549209678147_1d526703-abac-4f10-963e-ffe07ed63848-image.png

AKJim

Hmmm ..... it's still not going through. I'll delete the rule again, reboot the netgate and start fresh. I appreciate your help. Be back after the fresh start ....

Konstanti

@akjim

We have to start over

remove and disable all that in the pictures ( this is wrong)
create port forwarding for 6281 (nat / port forwarding)
check that the rule on the wan interface also appeared
try to connect

how is port forwarding configured on the router ?

AKJim

@konstanti said in Pass specific IP through to LAN, port forwarding, firewall rules:

@akjim

We have to start over

remove and disable all that in the pictures ( this is wrong)

create port forwarding for 6281 (nat / port forwarding)

check that the rule on the wan interface also appeared

try to connect

Yes, I have removed all rules, then rebooted the device.
Yes, done
Yes:
Still rejected by device firewall:

Konstanti

@akjim
show me the rules on the wan interface

AKJim

@akjim Port forwarding on the router is good, this traffic is being stopped by the netgate appliance only. If I remove the netgate appliance (pfSense) then everything works correctly.

AKJim

@konstanti said in Pass specific IP through to LAN, port forwarding, firewall rules:

@akjim
show me the rules on the wan interface

0_1549211955107_dab2a242-d591-44cc-90fc-30ee4689c97c-image.png
0_1549211972674_76e3ae0a-3923-4d6e-a30d-2976762b0c38-image.png
0_1549211990825_9ff718a1-4856-4990-999f-aec75f61d31b-image.png

Konstanti

@akjim
this is not what we need

i need
/firewall/rules/wan

Konstanti

@akjim

and I need a full log entry.
to see what pf is blocking
Status/System Logs/Firewall/Normal View
where you will see :interface, source, destination, port, protocol

AKJim

@konstanti said in Pass specific IP through to LAN, port forwarding, firewall rules:

@akjim
this is not what we need

i need
/firewall/rules/wan

1_1549212815787_pfSense problem 00002.png 0_1549212815787_pfSense problem 00001.png

Konstanti

@akjim

here's what I need
the picture with all the rules
for example ,

0_1549212994252_33e9ee16-3061-4362-be3d-15957cb12a15-image.png

AKJim

@konstanti There is only this one, single rule ..... !

Konstanti

@akjim
firewall log ???

0_1549213323003_4ab3ff2d-9bde-4633-addb-ce4ebf6e95c9-image.png

AKJim

@konstanti Sorry for slow responses, the forum limits me as a new user to 1 post every 3 minutes. Here is the firewall log:
0_1549213427032_cef3eb42-224e-4ff0-bc88-9e30f99dd7fb-image.png

Konstanti

@akjim
64.4.23.126 !!!!!!! - port forwarding rule
error in source address
64.4.231.126 - block !!!!!