Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NAT 22 SYN_SENT:CLOSED

    Scheduled Pinned Locked Moved
    NAT
    2
    4
    17.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      ceccus
      last edited by

      Dear all,
      sorry for my bad English. I have problem (SYN_SENT:CLOSED) for simple port forward. My pfsense has different IP class for WAN interface (192.168.1.15) and LAN interface (172.22.41.189), LAN is bridge with WAN. My WAN is connected to internet with DSL modem (public ip).

      I want access to a linux pc (SSH protocol), connected to LAN with IP 172.22.41.2, through public ip from remote pc, but does not work (SYN_SENT:CLOSED).  ???

      Please note that the reverse connection (SSH from 172.22.41.2 to remote) pc works perfectly.  :)

      I enabled port forwarding, firewall rules and nat reflection for port range < 500.

      I put following some screenshot.

      Can you help me?

      Very, very thanks in advances!

      1 Reply Last reply Reply Quote 0
      • N
        nocer
        last edited by

        Hi,

        I first recommend doing tcpdump on 172.22.41.2 and confirm that the port 22 is being received. If you don't see any port 22 received then go back to 172.22.41.189 and do the same to confirm port 22 is being forwarded. Basically "SYN_SENT:CLOSED" means that "I have sent SYN but nobody responds to me so I close the session" so that there is something might drop return packet from the 172.22.41.2, or, 172.22.41.2 is not configured for serving ssh ;D

        Ah btw, you won't use TCP/UDP, just TCP is fine for your forwarding config. The same config woks fine on my box, a latest 1.3-AA.

        cheers,

        1 Reply Last reply Reply Quote 0
        • C
          ceccus
          last edited by

          Thanks for your reply!
          I used tcpdump on 172.22.41.2 but do not see any input from pfsense or from remote hosts. I tested SSH lan to lan and this works correctly on 172.22.41.2…

          The configuration shown is correct in your opinion? For example: the virtual IP must be set to LAN or WAN interface?

          The LAN IP (172.22.41.189) > of PC IP (172.22.41.2) may create problems?

          The different class of IP between WAN (192.168.1.15) and LAN (172.22.41.189) may be a problem?

          I am becoming stupid...  ???

          1 Reply Last reply Reply Quote 0
          • N
            nocer
            last edited by

            Hi,

            Ooops, I dind't see it…so why is VIP configured? I mean, it is completely normal that WAN/LAN addresses are in different
            network range. I'm not using VIP so may wrong but first backup current config then can you delete VIP config and all the
            rules back to default, then add port forwarding only to see the packets are flowing pfSense and your linux box(172.22.41.2?).

            Turn your box back to factory default, check one by one, one at a time. That's all I can say for now.

            cheers,

            1 Reply Last reply Reply Quote 0
            • First post
              Last post