Port forwarding problem
-
@johnpoz You mean I need to change WAN for Lan and LAN for wan?
-
pfsense WAN is the network that allows you to get to other networks, this is normally the internet, but it could also be another internal network... Your default gateway on pfsense is pointing to 10.200.40.254... This is the WAN network to pfsense.
This other network attached to xn0 192.168.50.0/24 is pfsense LAN..
If you want devices that reside on this wan network to get to 192.168.50, then you would port forward on wan and point to the lan devices. Devices on wan would have to hit pfsense WAN IP...
If you want devices on lan to get to wan IPs then the default lan rules allow this.. And outbound nat would nat to this 10.200.40 address pfsense.
Your problem could be if you port forward from wan to lan, is if clients on lan 192.168.50 are not using pfsense for their gateway, they would not know how to get back to this 10.200.40 network.
Your problem with lan talking to wan 10.200.40, could be if you turned off natting, and those devices would not know how to get back to 192.168.50
This is your network right?
Other devices on 10.200.40 use .254 as their gateway right..
And devices on 192.168.50 use pfsense as their gateway .21 right.. This is pfsense LAN!! 10.200.40 is pfsense WAN!!
If you have it pfsense the other way around, then it's BORKED!!! Setup pfsense wan interface to be your 10.200.40.180 (gateway set to 10.200.40.254) and LAN to be 192.168.50.21 (no gateway set)
-
So in the 192.168.50.4 i have:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.50.0 192.168.50.1 255.255.255.0 UG 0 0 0 eth0
192.168.50.0 * 255.255.255.0 U 0 0 0 eth0
10.200.40.0 * 255.255.255.0 U 0 0 0 eth1
default 10.200.40.254 0.0.0.0 UG 0 0 0 eth1
-
Huh??
So you have a multi homed device in 192.168.50???
What device is this
192.168.50.1
Dude DRAW your MESS!!!
-
Yes it can be reached directly by the 10.200.40 network.. maybe I need to add the route of the pfsense ip in the eth0 even If I have all the net 192.168.50.0 on this interface?
-
What.... OMG dude sounds like you have a real freaking cluster F.... Why do you have a multi homed device... And it has an interface in the 192.168.50 network, its sure and the F does not need a gateway to get to the 192.168.50 - which is what you're showing at 192.168.50.1
I would love to help you straighten your mess out... But can not help you without understanding the full scope of your mess and what you're trying to accomplish.
-
@johnpoz said in Port forwarding problem:
And it has an interface in the 192.168.50 network, its sure and the F does not need a gateway to get to the 192.168.50 - which is what you're showing at 192.168.50.1
The 192.168.50.1 it's another host in the 50 network as a gw.
This doesn't matter even when I have the 192.168.50.0 pointing to the interface.. all the related and established by directly connected network doesn't need the GW..
-
@johnpoz The scope of forward wanted is
10.200.40.132 (outgoing port) > 10.200.40.180(pfsense) port 999 (xn1) > forward(nat) 192.168.50.4:999 xn0
As you can see in the tcpdump, the packages are not NATed and come to the 192.168.50.4 as 10.200.40.132 and back by the default gw in the eth1, as you can see in the route table of the 192.168.50.4 host.
-
@fakauy said in Port forwarding problem:
10.200.40.132 (outgoing port) > 10.200.40.180(pfsense) port 999 (xn1) > forward(nat) 192.168.50.4:999 xn0
Here is where you're going to have a problem... Your .4 host has an interface in 10.200.40 so he will answer back via his other connection.
You would have to source nat it to the 192.168.50.21 address if you want .4 to send it back to pfsense...
Pfsense doesn't nat port forwards, only outbound nats..
Why would you want to hit 192.168.50.4 when you can just hit on its 10.200.40 address?
Your clients are not going to accept such an answer... because they sent it to 10.200.40.180, why would 10.200.40.x be sending me an answer, etc. etc.
-
@johnpoz said in Port forwarding problem:
Why would you want to hit 192.168.50.4 when you can just hit on its 10.200.40 address?
The 10.200.40 address, it's from one interface that needs to be clear of traffic in this host (192.168.50.4)
-
@johnpoz I have tested removing this interface in 192.168.50.4 and it didn't work.
-
Then you have to source nat..
The network makes ZERO sense... What exactly are you wanting to accomplish, once you multihome a device and put interfaces in networks on each side of a firewall - you basically make that firewall pointless.
-
What??? Removed what interface? The 200, then troubleshoot your port forward.. You did on pfsense WAN?
Did you change the .4 box to point to .21 as its default gateway? If not it wouldn't know how to get back to the 10.200
-
@johnpoz said in Port forwarding problem:
You did on pfsense WAN?
No, I have only tested removing the 10.200 interface on the 192.168.50.4 and now I pointed a static route.. in this host..
Now it looks:
Destination Gateway Genmask Flags Metric Ref Use Iface
10.200.40.132 192.168.50.4 255.255.255.255 UGH 0 0 0 eth0
192.168.50.0 192.168.50.1 255.255.255.0 UG 0 0 0 eth0
192.168.50.0 * 255.255.255.0 U 0 0 0 eth0
10.200.40.0 * 255.255.255.0 U 0 0 0 eth1
default 10.200.40.254 0.0.0.0 UG 0 0 0 eth1
-
@fakauy This didn't work.
-
Why and the F would you think that would work... It still has its 10.200.40.x interface..
If you want this to work while the box still has a 10.200 interface then you have to SOURCE nat it at pfsense.. Period, end of story..
Or you have to talk to it on its 10.200 interface..
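
Added example, not part of the thread: a small route-lookup model of the 192.168.50.4 host, using the routing table and addresses posted above, showing which way the reply to a forwarded connection leaves the host with and without source NAT at pfSense. The function names, the `SINGLE_HOMED` table (the host with its 10.200 interface removed and default gateway set to .21) and the tie-break that prefers a directly connected route are assumptions of this sketch.

```python
import ipaddress

# Routing table of the multi-homed host 192.168.50.4, as posted in the thread.
# (destination, gateway or None when directly connected, interface)
HOST_ROUTES = [
    ("192.168.50.0/24", "192.168.50.1", "eth0"),
    ("192.168.50.0/24", None, "eth0"),
    ("10.200.40.0/24", None, "eth1"),
    ("0.0.0.0/0", "10.200.40.254", "eth1"),
]
# Hypothetical alternative: 10.200 interface removed, default gateway = pfSense LAN.
SINGLE_HOMED = [
    ("192.168.50.0/24", None, "eth0"),
    ("0.0.0.0/0", "192.168.50.21", "eth0"),
]

PFSENSE_LAN = "192.168.50.21"   # pfSense address on the host's eth0 network
CLIENT = "10.200.40.132"        # client that connects to 10.200.40.180:999


def lookup(routes, dst):
    """Longest-prefix match; returns (gateway, interface) for dst.

    Assumption: on equal prefix length the directly connected route wins.
    """
    addr = ipaddress.ip_address(dst)
    matches = []
    for net, gw, ifc in routes:
        network = ipaddress.ip_network(net)
        if addr in network:
            matches.append((network.prefixlen, gw is None, gw, ifc))
    _, _, gw, ifc = max(matches, key=lambda m: (m[0], m[1]))
    return gw, ifc


def reply_path(routes, source_seen_by_host):
    """Return (interface, next_hop, via_pfsense) for the host's reply.

    source_seen_by_host is the source address on the forwarded packet:
    the client itself (no source NAT) or pfSense's LAN address (source NAT).
    pfSense can only translate the reply back to its WAN address if the
    reply's next hop is pfSense.
    """
    gw, ifc = lookup(routes, source_seen_by_host)
    next_hop = gw or source_seen_by_host
    return ifc, next_hop, next_hop == PFSENSE_LAN
```

With the posted table, the reply to the un-NATed client address leaves on eth1 straight to the client and never passes back through pfSense, so the client receives an answer from an address it did not connect to.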