*HELP* NAT Issue 1:1 and Port Forward dual WAN
-
I have 2 NAT issues..
( 1:1 NAT ISSUE )
Dual WAN Verizon 71.251.9X.XX0 and Bright House 97.79.4X.X14
Default WAN is Verizon..
I have 3 1:1 NAT's
Verizon --- 71.251.9X.XX1 --- 192.168.0.XX9 --- *
BrightHouse --- 97.79.4X.X16 --- 192.168.0.XX7 --- *
BrightHouse --- 97.79.4X.X20 --- 192.168.0.XX8 --- *
So they all work, but a problem I have is, say, the Verizon one: when I go to ipchicken I get the right IP, 71.251.9X.XX1, not 71.251.9X.XX0, so 1:1 is working in and out. But the Bright House is going out Verizon on 71.251.9X.XX0 rather than 97.79.4X.X16 or 97.79.4X.X20 for the NAT rules.
I did try to set up an outbound NAT, as I have it set to "Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)", but that made no change.
( FTP Port forward issues )
I have an FTP server set up on 71.251.9X.XX0 and it works locally with no issues; outside it does not work. But I see pfSense pass the rule and I see in the FTP log it makes it there.
Failed remote session:
14:55:32 71.180.1X3.2XX 192.168.0.XX9 21 [17]USER anonymous 331 0
14:55:32 71.180.1X3.2XX 192.168.0.XX9 21 [17]PASS chrome@example.com 230 0
14:55:32 71.180.1X3.2XX 192.168.0.XX9 21 [17]CWD / 250 0
Good local connection:
14:42:50 192.168.0.XX9 [2]USER anonymous 331 0
14:42:50 192.168.0.XX9 [2]PASS chrome@example.com 230 0
14:42:50 192.168.0.XX9 [2]CWD / 250 0
14:42:50 192.168.0.XX9 [2]QUIT - 226 0
One thing I see that the remote session is not doing is "14:42:50 192.168.0.XX9 [2]QUIT - 226 0", but I am unsure why. I have ports 20-21 going to the Windows FTP server. But it just dies off.
Any help would be great.
-
I do see this in the show states for:
VERIZON tcp 192.168.0.xx9:21 (71.251.9x.xx0:21) <- 71.180.18x.xx9:52622 FIN_WAIT_2:FIN_WAIT_2
LAN tcp 71.180.18x.xx9:52622 -> 192.168.0.xx9:21 FIN_WAIT_2:FIN_WAIT_2
VERIZON tcp 192.168.0.xx9:21 (71.251.9x.x0:21) <- 71.180.18x.xx9:52639 ESTABLISHED:ESTABLISHED
LAN tcp 71.180.18x.xx9:52639 -> 192.168.0.xx9:21 ESTABLISHED:ESTABLISHED
Seems all the FTP connections are doing "FIN_WAIT_2:FIN_WAIT_2" rather than ESTABLISHED:ESTABLISHED.
-
I got FTP to work by setting the passive port range on the FTP server, then opening those ports with a NAT rule to 192.168.0.xx9 for the ports I opened.
Seems to be working in Chrome; in IE I had to turn off passive mode on a remote client to make it work. That seems odd, since it worked in Chrome but not IE until I turned that off, and my understanding is that forces it to 20-21 anyway, and those were already open.