2 WAN&1LAN setup, NAT not working
-
Hi,
I have two internet providers, one is configured on WAN having it's own GW-WAN and OPT1 having it's own GW-OPT1. In my LAN I have one mail server and would like to forward port 110 to it. I have set up 2 NAT rules, one for WAN address and one for OPT1 address, both pointing to internal IP on port 110 TCP.
Now the strange thing:
telnet WAN 110 -> works fine
telnet OPT1 110 -> does not workI have monitored the incoming traffic and see the source IP where I launched the telnet command in the list. What am I doing wrong? In the past everything worked fine. I have just done a fresh install with 2.5.1. Here it doesn't work anymore.
Thanks, Zoltan
-
Known issue:
https://redmine.pfsense.org/issues/11805 -
@slu Thanks a lot for the quick update. Any idea when 2.6.0 is planned to be released?
-
@zotyo
no.
Waiting for weeks now... -
I would like to know if my problem is the same case.
Currently my set up is
I follow KOM's reply in my Post.
https://forum.netgate.com/topic/163653/two-public-ip-a-b-one-dhcp-how-to-make-specific-internal-ip-use-ip-b?_=1622370294809I use this code to verify that I am using the second IP.
wget -qO - https://wtfismyip.com/textHowever, today I want to test the Port Forward solution, I find that I am not able to use port in another IP.
Is my case suffered from the bug which you mention?Sorry for my English.
-
@testcb00 In my personal case I don't have the ASUS AC68U router. Both public IPs go directly to pfsense. I have read the message you were referring to and it looks a bit different then the one you are mentioning above. But I will try to answer your question.
first of all: is your pfsense LAN in the same network as your Jail? If yes, then it should work, but only if your IP A is your main WAN connection on pfsense. If not, in my opinion, you should be affected by this bug.
-
If you're running 2.5.1 you're affected from this bug likewise.
However, with a router in front of one WAN interface, you may do a workaround if it is capable of masquerading on inbound connections.
So you could configure WAN B as your default gateway, while WAN A doesn't need any gateway due to masquerading. -
@zotyo
Sorry for my misleading, IP B is my main WAN for pfSense. For other TrueNAS Jail (in default gateway - IP B), I can do port forwarding.
I can do port forwarding to my Raspberry Pi (direct connect to AC68U (IP A) in my Router. -
@viragomann
Currently IP B is my default Gateway. Today I add IP A (my previous network) as second WAN.
Do you mean that I can do some config in pfSense to get the IP A (second WAN) port forwarding function? -
@testcb00 said in 2 WAN&1LAN setup, NAT not working:
Do you mean that I can do some config in pfSense to get the IP A (second WAN) port forwarding function?
As I mentioned, it depends on the capabilities of the router in front of the WAN interface. I don't know it. If it does masquerading incoming traffic it should work straight forward.
Some consumer routers do this by default.Masquerading means that it translates the source IP of incoming forwarded packets into its own internal IP (also known as SNAT). This is what the outbound NAT does on pfSense.