Problems with Virtual IPs and port forwarding
I'm flamboozled on using Virtual IPs and port forwarding. Here is an explanation of my system.
If someone can see why I cannot access the server from outside I'd be very thankful.
Framework of traffic flow:
8 static public IPs from Suddenlink
Using Netgate sg4860 appliance
184.108.40.206 is primary WAN
LAN port is 192.168.2.1 /24 and Ipchicken shows 220.127.116.11 as IP
I am using OPT1 for my server
local address on OPT1 = 192.168.222.1 /24 (to match 2nd public IP)
The others are Virtual IPs
Virtual IPs are constructed as:
Type: IP Alias
Address type: single address /24
Port Forward rules for the OPT1 server are:
interface: WAN (also tried the VIP 18.104.22.168)
Protocol: TCP (tried tcp/udp as well)
Destination Ports: other; 6660 TO 6669 (is chat server)
Redirect target IP: 192.168.222.101 (IP of server chat software is on)
Redirect target port: other 6660
NAT reflection "use system default"
Filter rule association: "add associated filter rule"
I cannot connect to the chat server externally.
Internally from the chat server I can ping anywhere and access web, but nothing gets in.
You need to make sure that the answer the server sends leaves via the VIP. If you forward say .100 to your box but the answer comes from your .200 IP on the WAN interface then most clients would not work.
A simple sniff would for starters show you the traffic gets to your WAN interface on the VIP. And then sniff on your OPT to make sure pfSense sends it on and your server answers.
Then validate where your answer is leaving your WAN from: the native IP or your VIP.
You need to make sure that the answer the server sends leaves via the vip
This is done via Firewall/NAT/Outbound. Create a manual rule like:
NAT address: 22.214.171.124
Then the default rule for 192.168.222.0/24 with NAT address of "WAN address" is below that and will pick up all other PCs for the "normal" WAN IP.
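The check described in the replies above, as an added example that is not part of the original thread: given `tcpdump -n` style lines from a capture on WAN, it reports for each connection attempt to the VIP whether the SYN-ACK left from the VIP, left from another address, or never appeared (in which case the next capture belongs on OPT1). The addresses and capture lines are constructed documentation values, and `audit_wan_capture` is a hypothetical helper name.

```python
import re

# tcpdump -n style: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

VIP = "203.0.113.10"            # constructed: virtual IP the port forward listens on
WAN = "203.0.113.2"             # constructed: native WAN address
CHAT_PORTS = range(6660, 6670)  # forwarded port range from the thread

# Constructed WAN capture: one good reply, one leaving from the WAN address, one unanswered.
SAMPLE = """\
12:00:01.100 IP 198.51.100.7.51234 > 203.0.113.10.6667: Flags [S], seq 1, win 64240, length 0
12:00:01.101 IP 203.0.113.10.6667 > 198.51.100.7.51234: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:02.200 IP 198.51.100.8.40000 > 203.0.113.10.6660: Flags [S], seq 5, win 64240, length 0
12:00:02.201 IP 203.0.113.2.6660 > 198.51.100.8.40000: Flags [S.], seq 7, ack 6, win 65160, length 0
12:00:03.300 IP 198.51.100.9.40001 > 203.0.113.10.6669: Flags [S], seq 3, win 64240, length 0
""".splitlines()


def audit_wan_capture(lines, vip, ports):
    """Classify each inbound SYN to vip:port as ok, wrong-source:<ip> or no-answer."""
    pending = set()   # (client_ip, client_port) pairs that sent a SYN to the VIP
    results = {}      # (client_ip, client_port) -> verdict
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a TCP line in the expected format
        src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        if flags == "S" and dst == vip and dport in ports:
            pending.add((src, sport))
            results[(src, sport)] = "no-answer"
        elif flags == "S." and (dst, dport) in pending:
            # SYN-ACK going back to a client that connected to the VIP
            results[(dst, dport)] = "ok" if src == vip else f"wrong-source:{src}"
    return results


if __name__ == "__main__":
    for client, verdict in audit_wan_capture(SAMPLE, VIP, CHAT_PORTS).items():
        print(client, verdict)
```
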